[lxc-devel] [PATCH] make lxcapi_get_interfaces and lxcapi_get_ips unprivileged container aware

Wed Jan 22 18:37:57 UTC 2014

Quoting S.Çağlar Onur (caglar at 10ur.org):
> On Tue, Jan 21, 2014 at 11:38 PM, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> > Quoting Stéphane Graber (stgraber at ubuntu.com):
> >> On Tue, Jan 21, 2014 at 09:36:06PM -0500, S.Çağlar Onur wrote:
> >> > On Tue, Jan 21, 2014 at 6:41 PM, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> >> > > Quoting S.Çağlar Onur (caglar at 10ur.org):
> >> > >> Based on Stéphane's suggestion, those two API methods now;
> >> > >>
> >> > >> * fork a new process,
> >> > >> * switch to appropriate namespace(s),
> >> > >> * do what we want,
> >> > >> * return the data over a pipe to the parent which returns the result to the original caller.
> >> > >>
> >> > >> For the whole thread please see;
> >> > >>
> >> > >>  https://lists.linuxcontainers.org/pipermail/lxc-devel/2014-January/007362.html
> >> > >>
> >> > >> This patch also makes lxc-ls and lxc-info call those functions.
> >> > >>
> >> > >> I'm adding Stéphane as an author here since both the idea as well as
> >> > >> the initial setns code come from him.
> >> > >>
> >> > >> Author: S.Çağlar Onur <caglar at 10ur.org>
> >> > >> Author: Stéphane Graber <stgraber at ubuntu.com>
> >> > >> Signed-off-by: S.Çağlar Onur <caglar at 10ur.org>
> >> > >
> >> > > Thanks, looks good except for two issues below.  With those fixed,
> >> > >
> >> > > Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
> >> >
> >> > I believe Stéphane fixed them while pushing :)
> >>
> >> I did indeed and also updated the ERROR messages to be a bit more
> >> relevant (they were mentioning template creation).
> >
> > Great, thanks guys.  I"ll figure out what's going on with
> > unprivileged lxc-start using cgmanager tomorrow.
> 
> Thanks Serge, if it helps it looks like cgroup_settings variable in
> setup_limits at src/lxc/cgmanager.c fails at lxc_list_empty test but I
> couldn't figured out why.

Aaah.  I/we have been doing a bad job of keeping straight the fns which
return bool vs int.  Type checking doesn't help there.  I'm not sure
how best to handle this.  Ideally we could have the compiler warn us
when we're returning 0 instead of bool or true instead of 1.

Anyway patch below does fix it.

>From 3910a48a8392feba23c8220113a4dc8910424c01 Mon Sep 17 00:00:00 2001
From: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed, 22 Jan 2014 12:36:18 -0600
Subject: [PATCH 1/1] cgmanager: setup_limits: return true if there are no
 settings

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
---
 src/lxc/cgmanager.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lxc/cgmanager.c b/src/lxc/cgmanager.c
index 61f7f6f..033dc01 100644
--- a/src/lxc/cgmanager.c
+++ b/src/lxc/cgmanager.c
@@ -384,7 +384,7 @@ static bool setup_limits(struct lxc_handler *h, bool do_devices)
 	struct cgm_data *d = h->cgroup_info->data;
 
 	if (lxc_list_empty(cgroup_settings))
-		return 0;
+		return true;
 
 	lxc_list_for_each(iterator, cgroup_settings) {
 		char controller[100], *p;
-- 
1.8.5.3

