[lxc-devel] [PATCH 1/1] add c->may_control
Stéphane Graber
stgraber at ubuntu.com
Mon Sep 30 14:29:50 UTC 2013
On Mon, Sep 30, 2013 at 09:53:56AM -0400, Dwight Engen wrote:
> On Fri, 27 Sep 2013 21:01:07 -0500
> Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
>
> > This is an api function which will return false if the container
> > is running, and the caller may not talk to its monitor over its
> > command socket. Otherwise - if the container is not running, or
> > the caller may access it - it returns true.
> >
> > We can use this in several tools early on to prevent the segvs
> > etc which we currently get.
> >
> > Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> Acked-by: Dwight Engen <dwight.engen at oracle.com>
Hi Serge,
So I'm not terribly familiar with the control code since the monitord
changes, will that code work properly if the container socket is already
in use (say by someone running lxc-wait on the container)?
I just want to make sure we won't have a possible hang when calling that
function.
>
> > ---
> > src/lxc/commands.c | 30 ++++++++++++++++++++++++++++++
> > src/lxc/commands.h | 1 +
> > src/lxc/lxccontainer.c | 6 ++++++
> > src/lxc/lxccontainer.h | 6 ++++++
> > src/tests/Makefile.am | 6 ++++--
> > src/tests/may_control.c | 46
> > ++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 93
> > insertions(+), 2 deletions(-) create mode 100644
> > src/tests/may_control.c
> >
> > diff --git a/src/lxc/commands.c b/src/lxc/commands.c
> > index 7c538c6..fa6e3fb 100644
> > --- a/src/lxc/commands.c
> > +++ b/src/lxc/commands.c
> > @@ -291,6 +291,36 @@ out:
> > return ret;
> > }
> >
> > +int lxc_try_cmd(const char *name, const char *lxcpath)
> > +{
> > + int stopped, ret;
> > + struct lxc_cmd_rr cmd = {
> > + .req = { .cmd = LXC_CMD_GET_INIT_PID },
> > + };
> > +
> > + ret = lxc_cmd(name, &cmd, &stopped, lxcpath);
> > +
> > + if (stopped)
> > + return 0;
> > + if (ret > 0 && cmd.rsp.ret < 0) {
> > + errno = cmd.rsp.ret;
> > + return -1;
> > + }
> > + if (ret > 0)
> > + return 0;
> > +
> > + /*
> > + * At this point we weren't denied access, and the
> > + * container *was* started. There was some inexplicable
> > + * error in the protocol.
> > + * I'm not clear on whether we should return -1 here, but
> > + * we didn't receive a -EACCES, so technically it's not that
> > + * we're not allowed to control the container - it's just not
> > + * behaving.
> > + */
> > + return 0;
> > +}
> > +
> > /* Implentations of the commands and their callbacks */
> >
> > /*
> > diff --git a/src/lxc/commands.h b/src/lxc/commands.h
> > index 2c0258c..7829aef 100644
> > --- a/src/lxc/commands.h
> > +++ b/src/lxc/commands.h
> > @@ -88,5 +88,6 @@ extern int lxc_cmd_init(const char *name, struct
> > lxc_handler *handler, const char *lxcpath);
> > extern int lxc_cmd_mainloop_add(const char *name, struct
> > lxc_epoll_descr *descr, struct lxc_handler *handler);
> > +extern int lxc_try_cmd(const char *name, const char *lxcpath);
> >
> > #endif /* __commands_h */
> > diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
> > index 1b3f2f5..060bb70 100644
> > --- a/src/lxc/lxccontainer.c
> > +++ b/src/lxc/lxccontainer.c
> > @@ -2589,6 +2589,11 @@ static bool lxcapi_snapshot_restore(struct
> > lxc_container *c, char *snapname, cha return b;
> > }
> >
> > +static bool lxcapi_may_control(struct lxc_container *c)
> > +{
> > + return lxc_try_cmd(c->name, c->config_path) == 0;
> > +}
> > +
> > static int lxcapi_attach_run_waitl(struct lxc_container *c,
> > lxc_attach_options_t *options, const char *program, const char
> > *arg, ...) { va_list ap;
> > @@ -2708,6 +2713,7 @@ struct lxc_container *lxc_container_new(const
> > char *name, const char *configpath c->snapshot = lxcapi_snapshot;
> > c->snapshot_list = lxcapi_snapshot_list;
> > c->snapshot_restore = lxcapi_snapshot_restore;
> > + c->may_control = lxcapi_may_control;
> >
> > /* we'll allow the caller to update these later */
> > if (lxc_log_init(NULL, "none", NULL, "lxc_container", 0,
> > c->config_path)) { diff --git a/src/lxc/lxccontainer.h
> > b/src/lxc/lxccontainer.h index 225fb39..20ab8e8 100644
> > --- a/src/lxc/lxccontainer.h
> > +++ b/src/lxc/lxccontainer.h
> > @@ -223,6 +223,12 @@ struct lxc_container {
> > * Returns true on success, false on failure.
> > */
> > bool (*snapshot_restore)(struct lxc_container *c, char
> > *snapname, char *newname); +
> > + /*
> > + * Return false if there is a control socket for the
> > container monitor,
> > + * and the caller may not access it. Return true otherwise.
> > + */
> > + bool (*may_control)(struct lxc_container *c);
> > };
> >
> > struct lxc_snapshot {
> > diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am
> > index 8157407..479facc 100644
> > --- a/src/tests/Makefile.am
> > +++ b/src/tests/Makefile.am
> > @@ -19,6 +19,7 @@ lxc_usernic_test_SOURCES
> > = ../lxc/lxc_user_nic.c ../lxc/nl.c lxc_usernic_test_CFLAGS = -DISTEST
> > lxc_test_snapshot_SOURCES = snapshot.c
> > lxc_test_concurrent_SOURCES = concurrent.c
> > +lxc_test_may_control_SOURCES = may_control.c
> >
> > AM_CFLAGS=-I$(top_srcdir)/src \
> > -DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \
> > @@ -31,7 +32,7 @@ bin_PROGRAMS = lxc-test-containertests
> > lxc-test-locktests lxc-test-startone \ lxc-test-destroytest
> > lxc-test-saveconfig lxc-test-createtest \ lxc-test-shutdowntest
> > lxc-test-get_item lxc-test-getkeys lxc-test-lxcpath \ lxc-test-cgpath
> > lxc-test-clonetest lxc-test-console lxc-usernic-test \
> > - lxc-test-snapshot lxc-test-concurrent
> > + lxc-test-snapshot lxc-test-concurrent lxc-test-may-control
> >
> > bin_SCRIPTS = lxc-test-usernic
> >
> > @@ -53,4 +54,5 @@ EXTRA_DIST = \
> > console.c \
> > lxc-test-usernic \
> > snapshot.c \
> > - concurrent.c
> > + concurrent.c \
> > + may_control.c
> > diff --git a/src/tests/may_control.c b/src/tests/may_control.c
> > new file mode 100644
> > index 0000000..c176087
> > --- /dev/null
> > +++ b/src/tests/may_control.c
> > @@ -0,0 +1,46 @@
> > +/* control.c
> > + *
> > + * Copyright © 2013 Canonical, Inc
> > + * Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> > + *
> > + * This program is free software; you can redistribute it and/or
> > modify
> > + * it under the terms of the GNU General Public License version 2, as
> > + * published by the Free Software Foundation.
> > + *
> > + * This program is distributed in the hope that it will be useful,
> > + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
> > + * GNU General Public License for more details.
> > + *
> > + * You should have received a copy of the GNU General Public License
> > along
> > + * with this program; if not, write to the Free Software Foundation,
> > Inc.,
> > + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> > + */
> > +
> > +#include <stdio.h>
> > +#include <stdlib.h>
> > +#include <lxc/lxccontainer.h>
> > +
> > +void usage(char *me)
> > +{
> > + printf("Usage: %s name [lxcpath]\n", me);
> > + exit(0);
> > +}
> > +
> > +int main(int argc, char *argv[])
> > +{
> > + char *lxcpath = NULL, *name;
> > + bool may = false;
> > + struct lxc_container *c;
> > +
> > + if (argc < 2)
> > + usage(argv[0]);
> > + name = argv[1];
> > + if (argc == 3)
> > + lxcpath = argv[2];
> > + c = lxc_container_new(name, lxcpath);
> > + if (c)
> > + may = c->may_control(c);
> > + printf("You may%s control %s\n", may ? "" : " not", name);
> > + exit(may ? 0 : 1);
> > +}
>
>
> ------------------------------------------------------------------------------
> October Webinars: Code for Performance
> Free Intel webinars can help you accelerate application performance.
> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
> the latest Intel processors and coprocessors. See abstracts and register >
> http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk
> _______________________________________________
> Lxc-devel mailing list
> Lxc-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-devel
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20130930/69128afa/attachment.pgp>
More information about the lxc-devel
mailing list