[lxc-devel] [PATCH -stable] Do not allow snapshots of LVM backed containers

Stéphane Graber stgraber at ubuntu.com
Fri Aug 8 18:36:39 UTC 2014 

On Fri, Aug 08, 2014 at 06:31:45PM +0000, Serge Hallyn wrote:
> They don't work right now, so until we fix that, don't allow it.
> 
> (This patch is for stable-1.0)
> 
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

Acked-by: Stéphane Graber <stgraber at ubuntu.com>

> ---
>  src/lxc/bdev.c         | 22 ++++++++++++++++++++++
>  src/lxc/bdev.h         |  2 ++
>  src/lxc/lxccontainer.c |  6 ++++++
>  3 files changed, 30 insertions(+)
> 
> diff --git a/src/lxc/bdev.c b/src/lxc/bdev.c
> index 8d907af..5e45fa9 100644
> --- a/src/lxc/bdev.c
> +++ b/src/lxc/bdev.c
> @@ -520,6 +520,7 @@ static const struct bdev_ops dir_ops = {
>  	.destroy = &dir_destroy,
>  	.create = &dir_create,
>  	.can_snapshot = false,
> +	.can_backup = true,
>  };
>  
>  
> @@ -784,6 +785,7 @@ static const struct bdev_ops zfs_ops = {
>  	.destroy = &zfs_destroy,
>  	.create = &zfs_create,
>  	.can_snapshot = true,
> +	.can_backup = true,
>  };
>  
>  //
> @@ -1179,6 +1181,7 @@ static const struct bdev_ops lvm_ops = {
>  	.destroy = &lvm_destroy,
>  	.create = &lvm_create,
>  	.can_snapshot = true,
> +	.can_backup = false,
>  };
>  
>  /*
> @@ -1858,6 +1861,7 @@ static const struct bdev_ops btrfs_ops = {
>  	.destroy = &btrfs_destroy,
>  	.create = &btrfs_create,
>  	.can_snapshot = true,
> +	.can_backup = true,
>  };
>  
>  //
> @@ -2129,6 +2133,7 @@ static const struct bdev_ops loop_ops = {
>  	.destroy = &loop_destroy,
>  	.create = &loop_create,
>  	.can_snapshot = false,
> +	.can_backup = true,
>  };
>  
>  //
> @@ -2426,6 +2431,7 @@ static const struct bdev_ops overlayfs_ops = {
>  	.destroy = &overlayfs_destroy,
>  	.create = &overlayfs_create,
>  	.can_snapshot = true,
> +	.can_backup = true,
>  };
>  
>  //
> @@ -2703,6 +2709,7 @@ static const struct bdev_ops aufs_ops = {
>  	.destroy = &aufs_destroy,
>  	.create = &aufs_create,
>  	.can_snapshot = true,
> +	.can_backup = true,
>  };
>  
>  
> @@ -2769,6 +2776,9 @@ struct bdev *bdev_init(const char *src, const char *dst, const char *mntopts)
>  	struct bdev *bdev;
>  	const struct bdev_type *q;
>  
> +	if (!src)
> +		return NULL;
> +
>  	q = bdev_query(src);
>  	if (!q)
>  		return NULL;
> @@ -2855,6 +2865,18 @@ bool bdev_is_dir(const char *path)
>  	return ret;
>  }
>  
> +bool bdev_can_backup(struct lxc_conf *conf)
> +{
> +	struct bdev *bdev = bdev_init(conf->rootfs.path, NULL, NULL);
> +	bool ret;
> +
> +	if (!bdev)
> +		return false;
> +	ret = bdev->ops->can_backup;
> +	bdev_put(bdev);
> +	return ret;
> +}
> +
>  /*
>   * is an unprivileged user allowed to make this kind of snapshot
>   */
> diff --git a/src/lxc/bdev.h b/src/lxc/bdev.h
> index 3dcb961..0907fb7 100644
> --- a/src/lxc/bdev.h
> +++ b/src/lxc/bdev.h
> @@ -48,6 +48,7 @@ struct bdev_ops {
>  			const char *cname, const char *oldpath, const char *lxcpath,
>  			int snap, uint64_t newsize, struct lxc_conf *conf);
>  	bool can_snapshot;
> +	bool can_backup;
>  };
>  
>  /*
> @@ -71,6 +72,7 @@ struct bdev {
>  char *overlay_getlower(char *p);
>  
>  bool bdev_is_dir(const char *path);
> +bool bdev_can_backup(struct lxc_conf *conf);
>  
>  /*
>   * Instantiate a bdev object.  The src is used to determine which blockdev
> diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
> index 5166614..22373bf 100644
> --- a/src/lxc/lxccontainer.c
> +++ b/src/lxc/lxccontainer.c
> @@ -2865,6 +2865,12 @@ static int lxcapi_snapshot(struct lxc_container *c, const char *commentfile)
>  	if (!c || !lxcapi_is_defined(c))
>  		return -1;
>  
> +	if (!bdev_can_backup(c->lxc_conf)) {
> +		ERROR("%s's backing store cannot be backed up.", c->name);
> +		ERROR("Your container must use another backing store type.");
> +		return -1;
> +	}
> +
>  	// /var/lib/lxc -> /var/lib/lxcsnaps \0
>  	ret = snprintf(snappath, MAXPATHLEN, "%ssnaps/%s", c->config_path, c->name);
>  	if (ret < 0 || ret >= MAXPATHLEN)
> -- 
> 2.1.0.rc1
> 
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20140808/a9ff4f0f/attachment.sig>

More information about the lxc-devel mailing list