[lxc-devel] [PATCH 1/2] Turn autodev on by default
Serge Hallyn
serge.hallyn at ubuntu.com
Wed Jan 21 00:19:01 UTC 2015
Quoting Stéphane Graber (stgraber at ubuntu.com):
> Now that autodev works fine with unprivileged containers and shouldn't
> come with any side effect, lets turn it on by default.
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
In b/doc/lxc.container.conf.sgml.in you changed the
kmsg text. But not worth fixing the patch order imo.
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
> ---
> config/templates/archlinux.common.conf.in | 3 --
> config/templates/opensuse.common.conf.in | 3 --
> doc/lxc.container.conf.sgml.in | 4 +-
> src/lxc/conf.c | 89 +------------------------------
> templates/lxc-centos.in | 16 ------
> templates/lxc-debian.in | 1 -
> templates/lxc-fedora.in | 5 --
> templates/lxc-openmandriva.in | 1 -
> templates/lxc-oracle.in | 1 -
> 9 files changed, 3 insertions(+), 120 deletions(-)
>
> diff --git a/config/templates/archlinux.common.conf.in b/config/templates/archlinux.common.conf.in
> index 0be1958..8dea976 100644
> --- a/config/templates/archlinux.common.conf.in
> +++ b/config/templates/archlinux.common.conf.in
> @@ -4,9 +4,6 @@ lxc.include = @LXCTEMPLATECONFIG@/common.conf
> # Allow for 6 tty devices by default
> lxc.tty = 6
>
> -# Turn on autodev for systemd
> -lxc.autodev = 1
> -
> # Disable kmsg
> lxc.kmsg = 0
>
> diff --git a/config/templates/opensuse.common.conf.in b/config/templates/opensuse.common.conf.in
> index 4026975..b040e95 100644
> --- a/config/templates/opensuse.common.conf.in
> +++ b/config/templates/opensuse.common.conf.in
> @@ -1,9 +1,6 @@
> # This derives from the global common config
> lxc.include = @LXCTEMPLATECONFIG@/common.conf
>
> -# Enable autodev
> -lxc.autodev = 1
> -
> # Capabilities
> # Uncomment these if you don't run anything that needs the capability, and
> # would like the container to run with less privilege.
> diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in
> index 8652373..96d574f 100644
> --- a/doc/lxc.container.conf.sgml.in
> +++ b/doc/lxc.container.conf.sgml.in
> @@ -663,7 +663,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
> </term>
> <listitem>
> <para>
> - Set this to 1 to have LXC mount and populate a minimal
> + Set this to 0 to stop LXC from mounting and populating a minimal
> <filename>/dev</filename> when starting the container.
> </para>
> </listitem>
> @@ -674,7 +674,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
> <refsect2>
> <title>Enable kmsg symlink</title>
> <para>
> - Enable creating /dev/kmsg as symlink to /dev/console. This defaults to 1.
> + Enable creating /dev/kmsg as symlink to /dev/console. This defaults to 1.
> </para>
> <variablelist>
> <varlistentry>
> diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> index 0e663e9..f0b2242 100644
> --- a/src/lxc/conf.c
> +++ b/src/lxc/conf.c
> @@ -2504,7 +2504,7 @@ struct lxc_conf *lxc_conf_init(void)
>
> new->loglevel = LXC_LOG_PRIORITY_NOTSET;
> new->personality = -1;
> - new->autodev = -1;
> + new->autodev = 1;
> new->console.log_path = NULL;
> new->console.log_fd = -1;
> new->console.path = NULL;
> @@ -3497,88 +3497,6 @@ int ttys_shift_ids(struct lxc_conf *c)
> }
>
> /*
> - * This routine is called when the configuration does not already specify a value
> - * for autodev (mounting a file system on /dev and populating it in a container).
> - * If a hard override value has not be specified, then we try to apply some
> - * heuristics to determine if we should switch to autodev mode.
> - *
> - * For instance, if the container has an /etc/systemd/system directory then it
> - * is probably running systemd as the init process and it needs the autodev
> - * mount to prevent it from mounting devtmpfs on /dev on it's own causing conflicts
> - * in the host.
> - *
> - * We may also want to enable autodev if the host has devtmpfs mounted on its
> - * /dev as this then enable us to use subdirectories under /dev for the container
> - * /dev directories and we can fake udev devices.
> - */
> -struct start_args {
> - char *const *argv;
> -};
> -
> -#define MAX_SYMLINK_DEPTH 32
> -
> -static int check_autodev( const char *rootfs, void *data )
> -{
> - struct start_args *arg = data;
> - int ret;
> - int loop_count = 0;
> - struct stat s;
> - char absrootfs[MAXPATHLEN];
> - char path[MAXPATHLEN];
> - char abs_path[MAXPATHLEN];
> - char *command = "/sbin/init";
> -
> - if (rootfs == NULL || strlen(rootfs) == 0)
> - return -2;
> -
> - if (!realpath(rootfs, absrootfs))
> - return -2;
> -
> - if( arg && arg->argv[0] ) {
> - command = arg->argv[0];
> - DEBUG("Set exec command to %s", command );
> - }
> -
> - strncpy( path, command, MAXPATHLEN-1 );
> -
> - if ( 0 != access(path, F_OK) || 0 != stat(path, &s) )
> - return -2;
> -
> - /* Dereference down the symlink merry path testing as we go. */
> - /* If anything references systemd in the path - set autodev! */
> - /* Renormalize to the rootfs before each dereference */
> - /* Relative symlinks should fall out in the wash even with .. */
> - while( 1 ) {
> - if ( strstr( path, "systemd" ) ) {
> - INFO("Container with systemd init detected - enabling autodev!");
> - return 1;
> - }
> -
> - ret = snprintf(abs_path, MAXPATHLEN-1, "%s/%s", absrootfs, path);
> - if (ret < 0 || ret > MAXPATHLEN)
> - return -2;
> -
> - ret = readlink( abs_path, path, MAXPATHLEN-1 );
> -
> - if ( ( ret <= 0 ) || ( ++loop_count > MAX_SYMLINK_DEPTH ) ) {
> - break; /* Break out for other tests */
> - }
> - path[ret] = '\0';
> - }
> -
> - /*
> - * Add future checks here.
> - * Return positive if we should go autodev
> - * Return 0 if we should NOT go autodev
> - * Return negative if we encounter an error or can not determine...
> - */
> -
> - /* All else fails, we don't need autodev */
> - INFO("Autodev not required.");
> - return 0;
> -}
> -
> -/*
> * _do_tmp_proc_mount: Mount /proc inside container if not already
> * mounted
> *
> @@ -3793,7 +3711,6 @@ int lxc_setup(struct lxc_handler *handler)
> const char *name = handler->name;
> struct lxc_conf *lxc_conf = handler->conf;
> const char *lxcpath = handler->lxcpath;
> - void *data = handler->data;
>
> if (do_rootfs_setup(lxc_conf, name, lxcpath) < 0) {
> ERROR("Error setting up rootfs mount after spawn");
> @@ -3812,10 +3729,6 @@ int lxc_setup(struct lxc_handler *handler)
> return -1;
> }
>
> - if (lxc_conf->autodev < 0) {
> - lxc_conf->autodev = check_autodev(lxc_conf->rootfs.mount, data);
> - }
> -
> if (lxc_conf->autodev > 0) {
> if (mount_autodev(name, lxc_conf->rootfs.mount, lxcpath)) {
> ERROR("failed to mount /dev in the container");
> diff --git a/templates/lxc-centos.in b/templates/lxc-centos.in
> index c2b4db6..fdc307a 100644
> --- a/templates/lxc-centos.in
> +++ b/templates/lxc-centos.in
> @@ -612,8 +612,6 @@ lxc.include = @LXCTEMPLATECONFIG@/centos.common.conf
> lxc.arch = $arch
> lxc.utsname = $utsname
>
> -lxc.autodev = $auto_dev
> -
> # When using LXC with apparmor, uncomment the next line to run unconfined:
> #lxc.aa_profile = unconfined
>
> @@ -824,20 +822,6 @@ if [ -z "$release" ]; then
> fi
> fi
>
> -# CentOS 7 and above should run systemd. We need autodev enabled to keep
> -# systemd from causing problems.
> -#
> -# There is some ambiguity here due to the differnce between versioning
> -# of point specific releases such as 6.5 and the rolling release 6. We
> -# only want the major number here if it's a point release...
> -
> -mrelease=$(expr $release : '\([0-9]*\)')
> -if [ $mrelease -gt 6 ]; then
> - auto_dev="1"
> -else
> - auto_dev="0"
> -fi
> -
> if [ "$(id -u)" != "0" ]; then
> echo "This script should be run as 'root'"
> exit 1
> diff --git a/templates/lxc-debian.in b/templates/lxc-debian.in
> index 65093f3..0a3c402 100644
> --- a/templates/lxc-debian.in
> +++ b/templates/lxc-debian.in
> @@ -191,7 +191,6 @@ configure_debian_systemd()
> init="$(chroot ${rootfs} dpkg-query --search /sbin/init | cut -d : -f 1)"
> if [ "$init" = "systemd-sysv" ]; then
> # only appropriate when systemd is PID 1
> - echo 'lxc.autodev = 1' >> "$path/config"
> echo 'lxc.kmsg = 0' >> "$path/config"
> fi
>
> diff --git a/templates/lxc-fedora.in b/templates/lxc-fedora.in
> index 210f2e7..36d22c5 100644
> --- a/templates/lxc-fedora.in
> +++ b/templates/lxc-fedora.in
> @@ -1119,13 +1119,8 @@ lxc.include = @LXCTEMPLATECONFIG@/fedora.common.conf
>
> if [ "x$have_systemd" = "x1" ]; then
> cat <<EOF >> $config_path/config
> -lxc.autodev = 1
> lxc.kmsg = 0
> EOF
> - else
> - cat <<EOF >> $config_path/config
> -lxc.autodev = 0
> -EOF
> fi
>
> # Append things which require expansion here...
> diff --git a/templates/lxc-openmandriva.in b/templates/lxc-openmandriva.in
> index be8023e..46c829d 100644
> --- a/templates/lxc-openmandriva.in
> +++ b/templates/lxc-openmandriva.in
> @@ -229,7 +229,6 @@ copy_configuration()
> grep -q "^lxc.rootfs" $config_path/config 2>/dev/null || echo "lxc.rootfs = $rootfs_path" >> $config_path/config
> cat <<EOF >> $config_path/config
> lxc.utsname = $name
> -lxc.autodev = 1
> lxc.tty = 4
> lxc.pts = 1024
> lxc.mount = $config_path/fstab
> diff --git a/templates/lxc-oracle.in b/templates/lxc-oracle.in
> index 1f65d4c..8ec02da 100644
> --- a/templates/lxc-oracle.in
> +++ b/templates/lxc-oracle.in
> @@ -482,7 +482,6 @@ EOF
>
> # don't create kmsg symlink as it causes journald to use 100% cpu
> if [ $container_release_major = "7" ]; then
> - echo "lxc.autodev = 1" >>$cfg_dir/config
> echo "lxc.kmsg = 0" >>$cfg_dir/config
> fi
>
> --
> 1.9.1
>
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel
More information about the lxc-devel
mailing list