[lxc-devel] [lxc/master] Add a new hook named privileged-start
superboum on Github
lxc-bot at linuxcontainers.org
Sun May 28 21:38:23 UTC 2017
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 2427 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20170528/5cd43de8/attachment.bin>
-------------- next part --------------
From 8614a1fc421176168e966791672e5401a3df03c4 Mon Sep 17 00:00:00 2001
From: Quentin Dufour <quentin at dufour.tk>
Date: Sun, 28 May 2017 23:11:24 +0200
Subject: [PATCH] Add a new hook named privileged-start
---
src/lxc/conf.c | 9 ++++++++-
src/lxc/conf.h | 3 ++-
src/lxc/confile.c | 3 +++
3 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 85805f975..038a6c213 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -239,7 +239,7 @@ extern int memfd_create(const char *name, unsigned int flags);
#endif
char *lxchook_names[NUM_LXC_HOOKS] = {
- "pre-start", "pre-mount", "mount", "autodev", "start", "stop", "post-stop", "clone", "destroy" };
+ "pre-start", "pre-mount", "mount", "autodev", "priv-start", "start", "stop", "post-stop", "clone", "destroy" };
typedef int (*instantiate_cb)(struct lxc_handler *, struct lxc_netdev *);
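Review bot: `lxchook_names` is tied to `enum lxchooks` by position only, so the "priv-start" entry added here is correct only because `LXCHOOK_PRIVSTART` is inserted at the same index in the conf.h hunk. Designated initializers would make that pairing explicit and survive the next mid-list insertion, e.g. `[LXCHOOK_PRIVSTART] = "priv-start",` for each entry. The same name is repeated in the strcmp chains in run_lxc_hooks and config_hook, so a lookup over this table would leave one fewer place to keep in sync.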
@@ -4227,6 +4227,11 @@ int lxc_setup(struct lxc_handler *handler)
return -1;
}
+ if (run_lxc_hooks(name, "priv-start", lxc_conf, lxcpath, NULL)) {
+ ERROR("failed to run privileged-start hooks for container '%s'.", name);
+ return -1;
+ }
+
if (!lxc_list_empty(&lxc_conf->keepcaps)) {
if (!lxc_list_empty(&lxc_conf->caps)) {
ERROR("Container requests lxc.cap.drop and lxc.cap.keep: either use lxc.cap.drop or lxc.cap.keep, not both.");
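Review bot: The new `priv-start` call in lxc_setup sits directly before the `lxc.cap.drop`/`lxc.cap.keep` handling shown in this hunk, so the configured script runs with every capability the setup process still holds, and nothing in the patch records that. I would add a comment above the call such as `/* priv-start hooks run before capabilities are dropped; treat the script as fully privileged code */`. Whether the LSM profile or seccomp filter is already applied at this point is not visible here (lxc_setup continues outside the hunk), and the comment should state it. The diffstat touches only the three source files, so the hook's privilege level also needs an entry in the configuration documentation. The error text says "privileged-start" while the hook and config key are "priv-start"; `ERROR("failed to run priv-start hooks for container '%s'.", name);` keeps log searches consistent.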
@@ -4260,6 +4265,8 @@ int run_lxc_hooks(const char *name, char *hook, struct lxc_conf *conf,
which = LXCHOOK_MOUNT;
else if (strcmp(hook, "autodev") == 0)
which = LXCHOOK_AUTODEV;
+ else if (strcmp(hook, "priv-start") == 0)
+ which = LXCHOOK_PRIVSTART;
else if (strcmp(hook, "start") == 0)
which = LXCHOOK_START;
else if (strcmp(hook, "stop") == 0)
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index a0bb05b0a..f98596656 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -301,7 +301,8 @@ enum {
*/
enum lxchooks {
LXCHOOK_PRESTART, LXCHOOK_PREMOUNT, LXCHOOK_MOUNT, LXCHOOK_AUTODEV,
- LXCHOOK_START, LXCHOOK_STOP, LXCHOOK_POSTSTOP, LXCHOOK_CLONE, LXCHOOK_DESTROY,
+ LXCHOOK_PRIVSTART, LXCHOOK_START, LXCHOOK_STOP, LXCHOOK_POSTSTOP,
+ LXCHOOK_CLONE, LXCHOOK_DESTROY,
NUM_LXC_HOOKS};
extern char *lxchook_names[NUM_LXC_HOOKS];
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index 4114e9fff..771589814 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -152,6 +152,7 @@ static struct lxc_config_t config[] = {
{ "lxc.hook.pre-mount", config_hook },
{ "lxc.hook.mount", config_hook },
{ "lxc.hook.autodev", config_hook },
+ { "lxc.hook.priv-start", config_hook },
{ "lxc.hook.start", config_hook },
{ "lxc.hook.stop", config_hook },
{ "lxc.hook.post-stop", config_hook },
@@ -1196,6 +1197,8 @@ static int config_hook(const char *key, const char *value,
return add_hook(lxc_conf, LXCHOOK_AUTODEV, copy);
else if (strcmp(key, "lxc.hook.mount") == 0)
return add_hook(lxc_conf, LXCHOOK_MOUNT, copy);
+ else if (strcmp(key, "lxc.hook.priv-start") == 0)
+ return add_hook(lxc_conf, LXCHOOK_PRIVSTART, copy);
else if (strcmp(key, "lxc.hook.start") == 0)
return add_hook(lxc_conf, LXCHOOK_START, copy);
else if (strcmp(key, "lxc.hook.stop") == 0)