[lxc-devel] [PATCH] lxc-ls: Fix support of --nesting for unpriv
Stéphane Graber
stgraber at ubuntu.com
Tue Mar 4 22:29:48 UTC 2014
On Tue, Mar 04, 2014 at 04:23:04PM -0600, Serge Hallyn wrote:
> Quoting Stéphane Graber (stgraber at ubuntu.com):
> > This reworks the way lxc-ls works in nesting mode. In the past it'd use
> > attach_wait's subprocess function to call itself in the container's
> > namespace, carefully only attaching to the namespaces it needed.
> >
> > This works great for system containers but not so much as soon as you
> > also need to attach to userns. Instead this fix moves all of the
> > container listing code into a get_containers function (hence the massive
> > diff, sorry), this function is then called recursively.
> >
> > For running containers, the function is called through attach_wait
> > inside the container's namespace, for stopped container, the function is
> > simply called recursively with a base path (container's rootfs) in an
> > attempt to find containers that way.
> > Communication between the parent lxc-ls and the child lxc-ls is done
> > through a temporary fd and serialized state using json (similar to what
> > was done using stdout in the previous implementation).
> >
> > As get_global_config_item unfortunately caches the values, there's no
> > easy way to figure out what the lxcpath should be for a root container
> > when running as non-root, so just use @LXCPATH@ for now and have
> > python do the parsing itself.
> >
> > As a result, the following things now work as expected:
> > - listing nested unprivileged containers (root containers inside unpriv)
> > - listing nested containers when they're not running
> > - filtering containers in nesting mode (only the first level is filtered)
> > - copy with invalid config (used to traceback)
> >
> > Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
>
> One change below,
>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> ...
>
> > +# List of containers, stored as dictionaries
> > +def get_containers(fd=None, base="/", root=False):
> > + containers = []
> > +
> > + paths = [args.lxcpath]
> > +
> > + if not root:
> > + paths.append(get_root_path(base))
> > +
> > + # Generate a unique list of valid paths
> > + paths = set([os.path.normpath("%s/%s" % (base, path)) for path in paths])
> > +
> > + for path in paths:
> > + if not os.access(path, os.R_OK):
> > + continue
> > +
> > + for container_name in lxc.list_containers(config_path=path):
> > + entry = {}
> > + entry['name'] = container_name
> > +
> > + # Apply filter
> > + if root and args.filter and \
> > + not re.match(args.filter, container_name):
> > + continue
> > +
> > + # Return before grabbing the object (non-root)
> > + if not args.state and not args.fancy and not args.nesting:
> > + containers.append(entry)
> > + continue
> > +
> > + try:
> > + container = lxc.Container(container_name, path)
> > + except:
> > + print("Invalid container: %s" % conainer_name, file=sys.stderr)
> > + pass
>
> I think you meant continue here instead of pass? Otherwise you
> will proceed with a bogus 'container'.
Oops, yeah, I actually fixed this locally but forgot to commit... what I
did here is drop the print() entirely as it's redundant with what LXC
will print anyway and replace the pass with continue.
>
> > +
> > + if container.controllable:
> > + state = container.state
> > + else:
> > + state = 'UNKNOWN'
> > +
> > + # Filter by status
> > + if args.state and state not in args.state:
> > + continue
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20140304/ec5778fb/attachment-0001.pgp>
More information about the lxc-devel
mailing list