[lxc-devel] [lxc/lxc] 4e4832: lxc-start: remove unnecessary checks
GitHub
noreply at github.com
Sun Nov 5 03:27:47 UTC 2017
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: 4e4832eeb388608b03dbda3bc3bf28a9072a72d3
https://github.com/lxc/lxc/commit/4e4832eeb388608b03dbda3bc3bf28a9072a72d3
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2017-11-03 (Fri, 03 Nov 2017)
Changed paths:
M src/lxc/tools/lxc_start.c
Log Message:
-----------
lxc-start: remove unnecessary checks
The console struct is internal and liblxc takes care of creating paths.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 6e5fc7a5c7d264989fd1df256d0929a9cd3d382f
https://github.com/lxc/lxc/commit/6e5fc7a5c7d264989fd1df256d0929a9cd3d382f
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2017-11-03 (Fri, 03 Nov 2017)
Changed paths:
M src/lxc/start.c
Log Message:
-----------
start: close non-needed file descriptors
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: f0ecc19d8f61a972a0b508a40bf021d91ef34bb3
https://github.com/lxc/lxc/commit/f0ecc19d8f61a972a0b508a40bf021d91ef34bb3
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2017-11-03 (Fri, 03 Nov 2017)
Changed paths:
M src/lxc/commands.c
M src/lxc/network.c
M src/lxc/network.h
M src/lxc/start.c
M src/lxc/start.h
Log Message:
-----------
handler: make name argument const
There's no obvious need to strdup() the name of the container in the handler.
We can simply make this a pointer to the memory allocated in
lxc_container_new().
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 28d9e29e18dcdae5bb9efb5613069d9fa658ea26
https://github.com/lxc/lxc/commit/28d9e29e18dcdae5bb9efb5613069d9fa658ea26
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2017-11-03 (Fri, 03 Nov 2017)
Changed paths:
M src/lxc/conf.c
M src/lxc/conf.h
M src/lxc/confile.c
M src/lxc/confile_utils.c
M src/lxc/confile_utils.h
M src/lxc/namespace.c
M src/lxc/namespace.h
M src/lxc/network.c
M src/lxc/start.c
M src/lxc/start.h
M src/lxc/tools/lxc_start.c
Log Message:
-----------
confile: add lxc.namespace.<namespace-key>
This commit also gets rid of ~10 unnecessary file descriptors that were kept
open. Before we kept open:
- A set of file descriptors that refer to the monitor's namespaces. These were
  only used to reattach to the monitor's namespace in lxc_spawn() and were
  never used anywhere else. So close them and don't keep them around.
- A list of inherited file descriptors.
- A list of file descriptors referring to the container's namespaces to pass
  to lxc.hook.stop. This list duplicated inherited file descriptors.
Let's simply use a single list in the handler that has all file descriptors we
need and get rid of all other ones. As an illustration, starting a container:
1. Without this patch and looking at the fds that the monitor keeps open (26):
chb at conventiont|~
> ls -al /proc/27219/fd
total 0
dr-x------ 2 root root 0 Oct 29 14:30 .
dr-xr-xr-x 9 root root 0 Oct 29 14:30 ..
lrwx------ 1 root root 64 Oct 29 14:30 0 -> /dev/null
lrwx------ 1 root root 64 Oct 29 14:30 1 -> /dev/null
lrwx------ 1 root root 64 Oct 29 14:30 10 -> anon_inode:[signalfd]
lrwx------ 1 root root 64 Oct 29 14:30 11 -> /dev/ptmx
lrwx------ 1 root root 64 Oct 29 14:30 12 -> /dev/pts/10
lr-x------ 1 root root 64 Oct 29 14:30 13 -> net:[4026532553]
lrwx------ 1 root root 64 Oct 29 14:30 15 -> socket:[7909181]
lrwx------ 1 root root 64 Oct 29 14:30 16 -> socket:[7909182]
lr-x------ 1 root root 64 Oct 29 14:30 17 -> uts:[4026531838]
lr-x------ 1 root root 64 Oct 29 14:30 18 -> ipc:[4026531839]
lr-x------ 1 root root 64 Oct 29 14:30 19 -> net:[4026532009]
lrwx------ 1 root root 64 Oct 29 14:30 2 -> /dev/null
lr-x------ 1 root root 64 Oct 29 14:30 20 -> mnt:[4026532611]
lr-x------ 1 root root 64 Oct 29 14:30 21 -> pid:[4026532612]
lr-x------ 1 root root 64 Oct 29 14:30 22 -> uts:[4026532548]
lr-x------ 1 root root 64 Oct 29 14:30 23 -> ipc:[4026532549]
lr-x------ 1 root root 64 Oct 29 14:30 24 -> net:[4026532553]
l-wx------ 1 root root 64 Oct 29 14:30 3 -> /var/log/lxc/a1.log
lr-x------ 1 root root 64 Oct 29 14:30 4 -> uts:[4026532548]
lr-x------ 1 root root 64 Oct 29 14:30 5 -> ipc:[4026532549]
lr-x------ 1 root root 64 Oct 29 14:30 6 -> net:[4026532553]
lrwx------ 1 root root 64 Oct 29 14:30 7 -> anon_inode:[eventpoll]
lrwx------ 1 root root 64 Oct 29 14:30 9 -> socket:[7911594]
2. With this patch and looking at the fds that the monitor keeps open (19):
chb at conventiont|~
> ls -al /proc/28465/fd
total 0
dr-x------ 2 root root 0 Oct 29 14:31 .
dr-xr-xr-x 9 root root 0 Oct 29 14:31 ..
lrwx------ 1 root root 64 Oct 29 14:31 0 -> /dev/null
lrwx------ 1 root root 64 Oct 29 14:31 1 -> /dev/null
lr-x------ 1 root root 64 Oct 29 14:31 10 -> net:[4026532820]
lrwx------ 1 root root 64 Oct 29 14:31 12 -> socket:[7912349]
lrwx------ 1 root root 64 Oct 29 14:31 13 -> socket:[7912350]
lr-x------ 1 root root 64 Oct 29 14:31 14 -> mnt:[4026532611]
lr-x------ 1 root root 64 Oct 29 14:31 15 -> pid:[4026532813]
lr-x------ 1 root root 64 Oct 29 14:31 16 -> uts:[4026532612]
lr-x------ 1 root root 64 Oct 29 14:31 17 -> ipc:[4026532613]
lr-x------ 1 root root 64 Oct 29 14:31 18 -> net:[4026532820]
lrwx------ 1 root root 64 Oct 29 14:31 2 -> /dev/null
l-wx------ 1 root root 64 Oct 29 14:31 3 -> /var/log/lxc/a1.log
lrwx------ 1 root root 64 Oct 29 14:31 4 -> anon_inode:[signalfd]
lrwx------ 1 root root 64 Oct 29 14:31 5 -> /dev/ptmx
lrwx------ 1 root root 64 Oct 29 14:31 6 -> /dev/pts/10
lrwx------ 1 root root 64 Oct 29 14:31 7 -> anon_inode:[eventpoll]
lrwx------ 1 root root 64 Oct 29 14:31 9 -> socket:[7913041]
Relates to #1881.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
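An added example, not part of the commit or of LXC's code: a small C auditor for the kind of /proc/<pid>/fd listing shown above, counting namespace descriptors and flagging namespace links that are held more than once. The names is_ns_link, audit_fd_dir and struct fd_audit are hypothetical.

```c
#include <dirent.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

struct fd_audit { int total, ns, dup_ns; }; /* hypothetical result type */
/* Returns 1 if an fd link target names a namespace, e.g. "net:[4026532553]". */
int is_ns_link(const char *target)
{
	static const char *types[] = { "cgroup:[", "ipc:[", "mnt:[", "net:[",
				       "pid:[", "time:[", "user:[", "uts:[" };
	for (size_t i = 0; i < sizeof(types) / sizeof(types[0]); i++)
		if (!strncmp(target, types[i], strlen(types[i])))
			return 1;
	return 0;
}

/* Walks an fd directory such as /proc/<pid>/fd; 0 on success, -1 if unreadable. */
int audit_fd_dir(const char *dir, struct fd_audit *a)
{
	char seen[256][64], target[64];
	struct dirent *e;
	DIR *d = opendir(dir);
	if (!d)
		return -1;
	memset(a, 0, sizeof(*a));
	while ((e = readdir(d))) {
		ssize_t len = readlinkat(dirfd(d), e->d_name, target, sizeof(target) - 1);
		if (len < 0)
			continue; /* "." and ".." are not symlinks */
		target[len] = '\0';
		a->total++;
		if (!is_ns_link(target) || a->ns >= 256)
			continue;
		for (int i = 0; i < a->ns; i++) /* same namespace already held? */
			if (!strcmp(seen[i], target)) { a->dup_ns++; break; }
		strcpy(seen[a->ns++], target);
	}
	closedir(d);
	return 0;
}

int main(int argc, char **argv)
{
	struct fd_audit a;
	if (audit_fd_dir(argc > 1 ? argv[1] : "/proc/self/fd", &a) < 0)
		return EXIT_FAILURE;
	printf("%d fds, %d namespace fds, %d duplicates\n", a.total, a.ns, a.dup_ns);
	return EXIT_SUCCESS;
}
```

Pass the monitor's /proc/<pid>/fd directory as the first argument; without one the program audits its own descriptors.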
Commit: a9e1109e0773b8197ec91ce962e3a4233a737050
https://github.com/lxc/lxc/commit/a9e1109e0773b8197ec91ce962e3a4233a737050
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2017-11-03 (Fri, 03 Nov 2017)
Changed paths:
M src/lxc/start.c
Log Message:
-----------
start: close data socket in parent
Brings the number of open fds in the monitor process for a standard container
without ttys down to 17.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 2469f9b65e46b559e51ebeb3d1f6107f5408cfcf
https://github.com/lxc/lxc/commit/2469f9b65e46b559e51ebeb3d1f6107f5408cfcf
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2017-11-03 (Fri, 03 Nov 2017)
Changed paths:
M src/lxc/monitor.c
Log Message:
-----------
monitor: do not log useless warnings
lxc-monitord is deprecated so this is expected to fail.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: fa3a5b220528f55c0e7eae4b708729256e71397c
https://github.com/lxc/lxc/commit/fa3a5b220528f55c0e7eae4b708729256e71397c
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2017-11-03 (Fri, 03 Nov 2017)
Changed paths:
M src/lxc/start.c
Log Message:
-----------
start: rework ns sharing + add userns sharing
- Implement inheriting user namespaces.
- When inheriting user namespaces make sure to not try and map ids again. The
  kernel will not allow you to do this.
- Change clone() logic:
  1. If we inherit no namespaces simply call lxc_clone().
  2. If we inherit any namespaces call lxc_fork_attach_clone(). Here's why:
     - Causes one syscall (fork()) instead of two syscalls (setns() to
       inherited namespace and setns() back to parent namespace) to be
       performed.
     - Allows us to get rid of a bunch of variables and helper functions/code.
     - Sharing a user namespace requires us to setns() to the inherited user
       namespace but the kernel does not allow reattaching to a parent user
       namespace. So the old logic made user namespace inheritance impossible.
       By using the lxc_fork_attach_clone() model we can simply setns() to the
       inherited user namespace in the fork()ed child and be done with it.
       The only thing we need to do is to specify CLONE_PARENT when calling
       clone() in lxc_fork_attach_clone() so that we can wait on the child.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
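An added sketch of the fork, setns(), clone(CLONE_PARENT) sequence described in this commit message; it is not LXC's lxc_fork_attach_clone(), and the function names, the pipe used to return the pid, and the exit-code payload are assumptions. It uses the raw clone syscall in fork style, which assumes an architecture where flags is the first argument (x86-64, arm64).

```c
#include <signal.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef CLONE_PARENT
#define CLONE_PARENT 0x00008000 /* value from <linux/sched.h> */
#endif

/* Sketch of the fork-attach-clone model; ns_fd < 0 inherits no namespace.
 * Returns the pid of the clone()d payload, a child of the caller, or -1.
 * Assumes clone's first raw argument is flags (x86-64, arm64). */
pid_t fork_attach_clone(int ns_fd, int nstype, int payload_exit_code)
{
	int pipefd[2];
	pid_t helper, pid = -1;

	if (pipe(pipefd) < 0)
		return -1;
	helper = fork();
	if (helper == 0) {
		/* Helper: attach once; nothing ever has to setns() back. */
		if (ns_fd >= 0 && syscall(SYS_setns, ns_fd, nstype) < 0)
			_exit(1);
		/* CLONE_PARENT makes the new process a child of our parent. */
		pid = syscall(SYS_clone, (unsigned long)(CLONE_PARENT | SIGCHLD), 0UL, 0UL, 0UL, 0UL);
		if (pid == 0)
			_exit(payload_exit_code); /* stand-in for the container init */
		/* Report the pid to the caller; exit 1 if clone or write failed. */
		_exit(pid < 0 || write(pipefd[1], &pid, sizeof(pid)) != sizeof(pid));
	}
	close(pipefd[1]);
	if (helper < 0 || read(pipefd[0], &pid, sizeof(pid)) != sizeof(pid))
		pid = -1;
	close(pipefd[0]);
	if (helper > 0)
		waitpid(helper, NULL, 0); /* reap the helper in all cases */
	return pid;
}

/* Runs the model with no inherited namespace; returns the payload's exit code. */
int demo_exit_code(int code)
{
	int status;
	pid_t pid = fork_attach_clone(-1, 0, code);

	if (pid < 0 || waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
		return -1;
	return WEXITSTATUS(status);
}

int main(void) { return demo_exit_code(7) != 7; }
```

The waitpid() in demo_exit_code() succeeds only because of CLONE_PARENT; without it the payload would be a grandchild that the caller cannot wait on.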
Commit: 6b9f82a9f552a92698d15ab605468f757ccbd32c
https://github.com/lxc/lxc/commit/6b9f82a9f552a92698d15ab605468f757ccbd32c
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2017-11-03 (Fri, 03 Nov 2017)
Changed paths:
M src/lxc/network.c
Log Message:
-----------
network: reap child in all cases
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 686dd5d1142359d73090cbc964131f256a540b4f
https://github.com/lxc/lxc/commit/686dd5d1142359d73090cbc964131f256a540b4f
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2017-11-03 (Fri, 03 Nov 2017)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
conf: reap child in all cases
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 2ed797da7e36d25ea3377494d8a7ec024140445f
https://github.com/lxc/lxc/commit/2ed797da7e36d25ea3377494d8a7ec024140445f
Author: Serge Hallyn <serge at hallyn.com>
Date: 2017-11-04 (Sat, 04 Nov 2017)
Changed paths:
M src/lxc/commands.c
M src/lxc/conf.c
M src/lxc/conf.h
M src/lxc/confile.c
M src/lxc/confile_utils.c
M src/lxc/confile_utils.h
M src/lxc/monitor.c
M src/lxc/namespace.c
M src/lxc/namespace.h
M src/lxc/network.c
M src/lxc/network.h
M src/lxc/start.c
M src/lxc/start.h
M src/lxc/tools/lxc_start.c
Log Message:
-----------
Merge pull request #1884 from brauner/2017-10-28/move_tools_to_api_only
confile: add lxc.namespace.<namespace-key> + add user namespace sharing + rework start logic
Compare: https://github.com/lxc/lxc/compare/190f9aeedcc7...2ed797da7e36