[lxc-devel] [lxc/master] Add a new hook named privileged-start

superboum on Github lxc-bot at linuxcontainers.org
Sun May 28 21:38:23 UTC 2017


A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 2427 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20170528/5cd43de8/attachment.bin>
-------------- next part --------------
From 8614a1fc421176168e966791672e5401a3df03c4 Mon Sep 17 00:00:00 2001
From: Quentin Dufour <quentin at dufour.tk>
Date: Sun, 28 May 2017 23:11:24 +0200
Subject: [PATCH] Add a new hook named privileged-start

---
 src/lxc/conf.c    | 9 ++++++++-
 src/lxc/conf.h    | 3 ++-
 src/lxc/confile.c | 3 +++
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 85805f975..038a6c213 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -239,7 +239,7 @@ extern int memfd_create(const char *name, unsigned int flags);
 #endif
 
 char *lxchook_names[NUM_LXC_HOOKS] = {
-	"pre-start", "pre-mount", "mount", "autodev", "start", "stop", "post-stop", "clone", "destroy" };
+	"pre-start", "pre-mount", "mount", "autodev", "priv-start", "start", "stop", "post-stop", "clone", "destroy" };
 
 typedef int (*instantiate_cb)(struct lxc_handler *, struct lxc_netdev *);
 
@@ -4227,6 +4227,11 @@ int lxc_setup(struct lxc_handler *handler)
 		return -1;
 	}
 
+	if (run_lxc_hooks(name, "priv-start", lxc_conf, lxcpath, NULL)) {
+		ERROR("failed to run privileged-start hooks for container '%s'.", name);
+		return -1;
+	}
+
 	if (!lxc_list_empty(&lxc_conf->keepcaps)) {
 		if (!lxc_list_empty(&lxc_conf->caps)) {
 			ERROR("Container requests lxc.cap.drop and lxc.cap.keep: either use lxc.cap.drop or lxc.cap.keep, not both.");
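Review bot: The priv-start call added to lxc_setup() sits directly above the `keepcaps`/`caps` checks, so the hook presumably runs before lxc.cap.drop / lxc.cap.keep take effect, and nothing at the call site states that privilege level. I would record it next to the call, e.g. `/* priv-start hooks run before capabilities are dropped; lxc.cap.drop/lxc.cap.keep do not restrict them */`. What has already been set up at this point (rootfs, namespaces) lies outside the hunk, so it is worth confirming which filesystem the hook path is resolved in and whether the hook should run at all for unprivileged containers. The error text says "privileged-start" while the key and hook name are "priv-start"; `ERROR("failed to run priv-start hooks for container '%s'.", name);` would keep the log searchable by the configured name. lxc_setup() starts and ends outside the hunk.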
@@ -4260,6 +4265,8 @@ int run_lxc_hooks(const char *name, char *hook, struct lxc_conf *conf,
 		which = LXCHOOK_MOUNT;
 	else if (strcmp(hook, "autodev") == 0)
 		which = LXCHOOK_AUTODEV;
+	else if (strcmp(hook, "priv-start") == 0)
+		which = LXCHOOK_PRIVSTART;
 	else if (strcmp(hook, "start") == 0)
 		which = LXCHOOK_START;
 	else if (strcmp(hook, "stop") == 0)
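Review bot: The `priv-start` branch is one more hand-maintained copy of the hook name: the string also lives in `lxchook_names`, its index in `enum lxchooks`, and its config key in `config_hook` (src/lxc/confile.c). Because `lxchook_names` is initialised positionally, a later insertion made in the array but not at the same position in the enum would silently select the wrong hook list. Since the array is already in enum order, the lookup here could be `for (which = 0; which < NUM_LXC_HOOKS; which++) if (strcmp(hook, lxchook_names[which]) == 0) break;`, followed by whatever the chain's final `else` does today (not visible in this hunk). run_lxc_hooks() starts and ends outside the hunk.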
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index a0bb05b0a..f98596656 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -301,7 +301,8 @@ enum {
  */
 enum lxchooks {
 	LXCHOOK_PRESTART, LXCHOOK_PREMOUNT, LXCHOOK_MOUNT, LXCHOOK_AUTODEV,
-	LXCHOOK_START, LXCHOOK_STOP, LXCHOOK_POSTSTOP, LXCHOOK_CLONE, LXCHOOK_DESTROY,
+	LXCHOOK_PRIVSTART, LXCHOOK_START, LXCHOOK_STOP, LXCHOOK_POSTSTOP,
+	LXCHOOK_CLONE, LXCHOOK_DESTROY,
 	NUM_LXC_HOOKS};
 extern char *lxchook_names[NUM_LXC_HOOKS];
 
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index 4114e9fff..771589814 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -152,6 +152,7 @@ static struct lxc_config_t config[] = {
 	{ "lxc.hook.pre-mount",       config_hook                 },
 	{ "lxc.hook.mount",           config_hook                 },
 	{ "lxc.hook.autodev",         config_hook                 },
+	{ "lxc.hook.priv-start",      config_hook                 },
 	{ "lxc.hook.start",           config_hook                 },
 	{ "lxc.hook.stop",            config_hook                 },
 	{ "lxc.hook.post-stop",       config_hook                 },
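Review bot: `lxc.hook.priv-start` becomes a user-visible configuration key in this table, but the diffstat lists only conf.c, conf.h and confile.c, so the key appears to ship without a manual entry. The documentation should state at which point of container start the hook runs, in which context its path is resolved, and that it apparently executes before capabilities are dropped, because an administrator reading only the key name cannot tell how much privilege the script gets. The commit message is only the subject line; a sentence on the intended use case would help reviewers judge whether a new privileged hook point is warranted. The `config[]` table starts and ends outside the hunk.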
@@ -1196,6 +1197,8 @@ static int config_hook(const char *key, const char *value,
 		return add_hook(lxc_conf, LXCHOOK_AUTODEV, copy);
 	else if (strcmp(key, "lxc.hook.mount") == 0)
 		return add_hook(lxc_conf, LXCHOOK_MOUNT, copy);
+	else if (strcmp(key, "lxc.hook.priv-start") == 0)
+		return add_hook(lxc_conf, LXCHOOK_PRIVSTART, copy);
 	else if (strcmp(key, "lxc.hook.start") == 0)
 		return add_hook(lxc_conf, LXCHOOK_START, copy);
 	else if (strcmp(key, "lxc.hook.stop") == 0)

