[lxc-devel] [PATCH 1/1] lxc: manually move NICs back to host after container stops
Stéphane Graber
stgraber at ubuntu.com
Fri Mar 7 19:28:15 UTC 2014
On Fri, Mar 07, 2014 at 12:24:27PM -0600, Serge Hallyn wrote:
> This prevents things like bridges from being destroyed by the kernel.
>
> My hope is that just doing this will be enough to also ensure that
> the device will be available to be renamed immediately, so that
> we don't need to do a retry loop.
>
> Tested with a dummy device. renaming dummy0 to dummy5 in container,
> then shutting down container, returns dummy0 to the host.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
> ---
> src/lxc/conf.c | 40 +++++++++++++++++++++++++++++++++++++++-
> src/lxc/conf.h | 2 +-
> src/lxc/start.c | 26 +++++++++++++++++++++++++-
> 3 files changed, 65 insertions(+), 3 deletions(-)
>
> diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> index 1cb058d..58a9b4f 100644
> --- a/src/lxc/conf.c
> +++ b/src/lxc/conf.c
> @@ -2558,11 +2558,49 @@ static int setup_network(struct lxc_list *network)
> return 0;
> }
>
> -void lxc_rename_phys_nics_on_shutdown(struct lxc_conf *conf)
> +/* try to move physical nics to the init netns */
> +void restore_phys_nics_to_netns(int netnsfd, struct lxc_conf *conf)
> +{
> + int i, ret, oldfd;
> + char path[MAXPATHLEN];
> +
> + if (netnsfd < 0)
> + return;
> +
> + ret = snprintf(path, MAXPATHLEN, "/proc/self/ns/net");
> + if (ret < 0 || ret >= MAXPATHLEN) {
> + WARN("Failed to open monitor netns fd");
> + return;
> + }
> + if ((oldfd = open(path, O_RDONLY)) < 0) {
> + SYSERROR("Failed to open monitor netns fd");
> + return;
> + }
> + if (setns(netnsfd, 0) != 0) {
> + SYSERROR("Failed to enter container netns to reset nics");
> + close(oldfd);
> + return;
> + }
> + for (i=0; i<conf->num_savednics; i++) {
> + struct saved_nic *s = &conf->saved_nics[i];
> + if (lxc_netdev_move_by_index(s->ifindex, 1))
> + WARN("Error moving nic index:%d back to host netns",
> + s->ifindex);
> + }
> + if (setns(oldfd, 0) != 0)
> + SYSERROR("Failed to re-enter monitor's netns");
> + close(oldfd);
> +}
> +
> +void lxc_rename_phys_nics_on_shutdown(int netnsfd, struct lxc_conf *conf)
> {
> int i;
>
> + if (conf->num_savednics == 0)
> + return;
> +
> INFO("running to reset %d nic names", conf->num_savednics);
> + restore_phys_nics_to_netns(netnsfd, conf);
> for (i=0; i<conf->num_savednics; i++) {
> struct saved_nic *s = &conf->saved_nics[i];
> INFO("resetting nic %d to %s", s->ifindex, s->orig_name);
> diff --git a/src/lxc/conf.h b/src/lxc/conf.h
> index 4591470..2804212 100644
> --- a/src/lxc/conf.h
> +++ b/src/lxc/conf.h
> @@ -369,7 +369,7 @@ extern int lxc_clear_groups(struct lxc_conf *c);
> struct cgroup_process_info;
> extern int lxc_setup(struct lxc_handler *handler);
>
> -extern void lxc_rename_phys_nics_on_shutdown(struct lxc_conf *conf);
> +extern void lxc_rename_phys_nics_on_shutdown(int netnsfd, struct lxc_conf *conf);
>
> extern int find_unmapped_nsuid(struct lxc_conf *conf, enum idtype idtype);
> extern int mapped_hostid(unsigned id, struct lxc_conf *conf, enum idtype idtype);
> diff --git a/src/lxc/start.c b/src/lxc/start.c
> index eb1c659..bae01e4 100644
> --- a/src/lxc/start.c
> +++ b/src/lxc/start.c
> @@ -1000,12 +1000,33 @@ out_abort:
> return -1;
> }
>
> +int get_netns_fd(int pid)
> +{
> + char path[MAXPATHLEN];
> + int ret, fd;
> +
> + ret = snprintf(path, MAXPATHLEN, "/proc/%d/ns/net", pid);
> + if (ret < 0 || ret >= MAXPATHLEN) {
> + WARN("Failed to pin netns file for pid %d", pid);
> + return -1;
> + }
> +
> + fd = open(path, O_RDONLY);
> + if (fd < 0) {
> + WARN("Failed to pin netns file %s for pid %d: %s",
> + path, pid, strerror(errno));
> + return -1;
> + }
> + return fd;
> +}
> +
> int __lxc_start(const char *name, struct lxc_conf *conf,
> struct lxc_operations* ops, void *data, const char *lxcpath)
> {
> struct lxc_handler *handler;
> int err = -1;
> int status;
> + int netnsfd = -1;
>
> handler = lxc_init(name, conf, lxcpath);
> if (!handler) {
> @@ -1032,6 +1053,8 @@ int __lxc_start(const char *name, struct lxc_conf *conf,
> goto out_fini_nonet;
> }
>
> + netnsfd = get_netns_fd(handler->pid);
> +
> err = lxc_poll(name, handler);
> if (err) {
> ERROR("mainloop exited with an error");
> @@ -1065,7 +1088,8 @@ int __lxc_start(const char *name, struct lxc_conf *conf,
> }
> }
>
> - lxc_rename_phys_nics_on_shutdown(handler->conf);
> + lxc_rename_phys_nics_on_shutdown(netnsfd, handler->conf);
> + close(netnsfd);
>
> if (handler->pinfd >= 0) {
> close(handler->pinfd);
> --
> 1.9.0
>
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20140307/ef918671/attachment.pgp>
More information about the lxc-devel
mailing list