[lxc-devel] [lxc/master] [RFC] conf: introduce lxc.storage.managed

brauner on Github lxc-bot at linuxcontainers.org
Wed Jun 27 09:42:20 UTC 2018


From 6dd9a52e39f28bde91ea7a7aa69f698ff28852f2 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Wed, 27 Jun 2018 11:37:57 +0200
Subject: [PATCH] conf: introduce lxc.storage.managed
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This introduces a new config key lxc.storage.managed which can be used to
indicate whether this LXC instance is managing the container storage. If LXC is
not managing the storage then LXC will not modify the container storage.
For example, an API call to c->destroy(c) will then run any destroy hooks but
will not destroy the actual rootfs (unless, of course, the hook does so behind
LXC's back).

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
CC: Wolfgang Bumiller <w.bumiller at proxmox.com>
CC: Stéphane Graber <stgraber at ubuntu.com>
CC: Serge Hallyn <serge at hallyn.com>
CC: 2xsec <dh48.jeong at samsung.com>
---
 src/lxc/conf.c         |  1 +
 src/lxc/conf.h         |  3 +++
 src/lxc/confile.c      | 39 +++++++++++++++++++++++++++++++++++++++
 src/lxc/lxccontainer.c | 21 ++++++++++++++-------
 4 files changed, 57 insertions(+), 7 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index ee0e7bddd..56e09d56e 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2667,6 +2667,7 @@ struct lxc_conf *lxc_conf_init(void)
 	lxc_list_init(&new->groups);
 	lxc_list_init(&new->state_clients);
 	new->lsm_aa_profile = NULL;
+	new->storage_managed = true;
 	new->lsm_se_context = NULL;
 	new->tmp_umount_proc = false;
 
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index ea3a71dfb..e00eada34 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -339,6 +339,9 @@ struct lxc_conf {
 	/* Whether PR_SET_NO_NEW_PRIVS will be set for the container. */
 	bool no_new_privs;
 
+	/* Whether the container storage is managed by LXC. */
+	bool storage_managed;
+
 	/* RLIMIT_* limits */
 	struct lxc_list limits;
 
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index f0041770a..981726d5e 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -147,6 +147,7 @@ lxc_config_define(signal_halt);
 lxc_config_define(signal_reboot);
 lxc_config_define(signal_stop);
 lxc_config_define(start);
+lxc_config_define(storage_managed);
 lxc_config_define(tty_max);
 lxc_config_define(tty_dir);
 lxc_config_define(uts_name);
@@ -231,6 +232,7 @@ static struct lxc_config_t config[] = {
 	{ "lxc.start.auto",                set_config_start,                       get_config_start,                       clr_config_start,                     },
 	{ "lxc.start.delay",               set_config_start,                       get_config_start,                       clr_config_start,                     },
 	{ "lxc.start.order",               set_config_start,                       get_config_start,                       clr_config_start,                     },
+	{ "lxc.storage.managed",           set_config_storage_managed,             get_config_storage_managed,             clr_config_storage_managed,           },
 	{ "lxc.tty.dir",                   set_config_tty_dir,                     get_config_tty_dir,                     clr_config_tty_dir,                   },
 	{ "lxc.tty.max",                   set_config_tty_max,                     get_config_tty_max,                     clr_config_tty_max,                   },
 	{ "lxc.uts.name",                  set_config_uts_name,                    get_config_uts_name,                    clr_config_uts_name,                  },
@@ -1046,6 +1048,27 @@ static int set_config_start(const char *key, const char *value,
 	return -1;
 }
 
+static int set_config_storage_managed(const char *key, const char *value,
+				      struct lxc_conf *lxc_conf, void *data)
+{
+	unsigned int val = 0;
+
+	if (lxc_config_value_empty(value)) {
+		lxc_conf->storage_managed = false;
+		return 0;
+	}
+
+	if (lxc_safe_uint(value, &val) < 0)
+		return -1;
+
+	if (val > 1)
+		return -1;
+
+	lxc_conf->storage_managed = true;
+
+	return 0;
+}
+
 static int set_config_monitor(const char *key, const char *value,
 			      struct lxc_conf *lxc_conf, void *data)
 {
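Review bot: The parsed value is discarded in set_config_storage_managed: after the `val > 1` check the function always assigns `true`, so `lxc.storage.managed = 0` still leaves LXC managing (and, on destroy, removing) the rootfs. The assignment should follow the value, e.g. `lxc_conf->storage_managed = (val == 1);`. Separately, the empty-value branch here and clr_config_storage_managed in the later confile.c hunk both set `false`, while lxc_conf_init in conf.c defaults the field to `true`. If clearing a key is meant to restore its default, both should assign `true`; otherwise a comment should state that an empty or cleared key means unmanaged.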
@@ -3425,6 +3448,15 @@ static int get_config_start(const char *key, char *retv, int inlen,
 	return -1;
 }
 
+static int get_config_storage_managed(const char *key, char *retv, int inlen,
+				      struct lxc_conf *c, void *data)
+{
+	if (c->storage_managed)
+		return 1;
+
+	return 0;
+}
+
 static int get_config_log_syslog(const char *key, char *retv, int inlen,
 				 struct lxc_conf *c, void *data)
 {
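Review bot: get_config_storage_managed never touches `retv` or `inlen` and returns the boolean itself, so a caller that treats the return value as the length of text written would read one byte from a buffer this function left unwritten, and would see length 0 in the unmanaged case. The other getters in this file are not visible in the hunk, but assuming they write the value as a string and return its length, this should be `return lxc_get_conf_int(c, retv, inlen, c->storage_managed);`.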
@@ -3973,6 +4005,13 @@ static inline int clr_config_start(const char *key, struct lxc_conf *c,
 	return 0;
 }
 
+static inline int clr_config_storage_managed(const char *key,
+					     struct lxc_conf *c, void *data)
+{
+	c->storage_managed = false;
+	return 0;
+}
+
 static inline int clr_config_log_syslog(const char *key, struct lxc_conf *c,
 				    void *data)
 {
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index c5ea78770..9a2d802c4 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -2907,6 +2907,10 @@ static bool container_destroy(struct lxc_container *c,
 		}
 	}
 
+	/* LXC is not managing the storage of the container. */
+	if (conf && !conf->storage_managed)
+		goto on_success;
+
 	if (conf && conf->rootfs.path && conf->rootfs.mount) {
 		if (!do_destroy_container(conf)) {
 			ERROR("Error destroying rootfs for %s", c->name);
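Review bot: The comment above the new `goto on_success` understates what the jump skips. It bypasses everything up to the label added in the next hunk, which, judging by the `Destroyed directory` log line just before that label, appears to include removal of the container directory and not only the rootfs. If leaving the directory in place is intended for unmanaged storage, the comment should say so, for instance `/* LXC is not managing the storage: leave the rootfs and the container directory untouched and report success. */`. If only the rootfs should be preserved, the jump target needs to sit before the directory cleanup. container_destroy's body starts and ends outside both hunks.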
@@ -2978,6 +2982,7 @@ static bool container_destroy(struct lxc_container *c,
 	}
 	INFO("Destroyed directory \"%s\" for \"%s\"", path, c->name);
 
+on_success:
 	bret = true;
 
 out:
@@ -2992,14 +2997,16 @@ static bool do_lxcapi_destroy(struct lxc_container *c)
 	if (!c || !lxcapi_is_defined(c))
 		return false;
 
-	if (has_snapshots(c)) {
-		ERROR("Container %s has snapshots;  not removing", c->name);
-		return false;
-	}
+	if (c->lxc_conf && c->lxc_conf->storage_managed) {
+		if (has_snapshots(c)) {
+			ERROR("Container %s has snapshots;  not removing", c->name);
+			return false;
+		}
 
-	if (has_fs_snapshots(c)) {
-		ERROR("container %s has snapshots on its rootfs", c->name);
-		return false;
+		if (has_fs_snapshots(c)) {
+			ERROR("container %s has snapshots on its rootfs", c->name);
+			return false;
+		}
 	}
 
 	return container_destroy(c, NULL);
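Review bot: The new guard `c->lxc_conf && c->lxc_conf->storage_managed` also skips both snapshot checks when `c->lxc_conf` is NULL, yet container_destroy only takes its early exit when `conf` is non-NULL and unmanaged, so in the NULL case destruction would proceed without the checks that previously always ran. Whether `lxcapi_is_defined()` guarantees a non-NULL `lxc_conf` is not visible here. Unless it does, the condition should be inverted to match: `if (!c->lxc_conf || c->lxc_conf->storage_managed) {`.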

