[lxc-devel] [lxc/lxc] 0d9cd9: lxccontainer: implement container live patching

GitHub noreply at github.com
Wed Oct 11 20:20:28 UTC 2017


  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: 0d9cd9c37a7fa1dabec171a2b2f95d21ad6d0730
      https://github.com/lxc/lxc/commit/0d9cd9c37a7fa1dabec171a2b2f95d21ad6d0730
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2017-10-11 (Wed, 11 Oct 2017)

  Changed paths:
    M src/lxc/commands.c
    M src/lxc/commands.h
    M src/lxc/lxc.h
    M src/lxc/lxccontainer.c
    M src/lxc/lxccontainer.h

  Log Message:
  -----------
  lxccontainer: implement container live patching

This adds set_running_config_item() which is the analogue of
get_running_config_item(). In essence it allows a caller to livepatch the
container's in-memory configuration. This POC is severely limited. Here are the
most obvious ones:
- Only the container's in-memory config can be updated but no further actions
  (e.g. on-disk actions) are made.
- Only keys in the "lxc.net." namespace can be changed. This POC also allows
  updating an existing network. For example, it allows changing the network
  type of an existing network. This is obviously nonsense and in a non-POC
  implementation this should be blocked.

Use Case:
Callers can hotplug a new network for the container. For example, LXD can
create a pair of veth devices in the host and in the container and add it to
the container's in-memory config. This means the container can later be
queried for the name of the device etc. Note that liblxc will
currently not delete hotplugged network devices on container shutdown since it
won't have the ifindex of the container.

Relates to https://github.com/lxc/lxd/issues/3920 .

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>


  Commit: af54d8e68bfe5d85feb7ba5366084b5d3c3792ae
      https://github.com/lxc/lxc/commit/af54d8e68bfe5d85feb7ba5366084b5d3c3792ae
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2017-10-11 (Wed, 11 Oct 2017)

  Changed paths:
    M .gitignore
    M src/lxc/lxccontainer.c
    M src/tests/Makefile.am
    A src/tests/livepatch.c

  Log Message:
  -----------
  tests: test container live patching

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>


  Commit: eb4ca13d26dd0cf103f1f9a3cc4b6b17628e805c
      https://github.com/lxc/lxc/commit/eb4ca13d26dd0cf103f1f9a3cc4b6b17628e805c
  Author: Serge Hallyn <serge at hallyn.com>
  Date:   2017-10-11 (Wed, 11 Oct 2017)

  Changed paths:
    M .gitignore
    M src/lxc/commands.c
    M src/lxc/commands.h
    M src/lxc/lxc.h
    M src/lxc/lxccontainer.c
    M src/lxc/lxccontainer.h
    M src/tests/Makefile.am
    A src/tests/livepatch.c

  Log Message:
  -----------
  Merge pull request #1852 from brauner/2017-10-11/container_live_patching

POC: container live patching


Compare: https://github.com/lxc/lxc/compare/70cc6755544d...eb4ca13d26dd

