[lxc-devel] [lxc/master] conf: small cleanups

brauner on Github lxc-bot at linuxcontainers.org
Mon May 28 23:05:45 UTC 2018


From 80308d07b37387f718405a87fe908064c1969cdf Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 29 May 2018 00:48:15 +0200
Subject: [PATCH 1/4] start: add reboot macros

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/lxccontainer.c |  8 ++++----
 src/lxc/start.c        | 27 ++++++++++++++-------------
 src/lxc/state.h        |  6 ++++++
 3 files changed, 24 insertions(+), 17 deletions(-)

diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 8a21d97e4..04a6050f1 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -1036,7 +1036,7 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a
 		}
 	}
 
-	conf->reboot = 0;
+	conf->reboot = REBOOT_NONE;
 
 	/* Unshare the mount namespace if requested */
 	if (conf->monitor_unshare) {
@@ -1058,7 +1058,7 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a
 	}
 
 reboot:
-	if (conf->reboot == 2) {
+	if (conf->reboot == REBOOT_INIT) {
 		/* initialize handler */
 		handler = lxc_init_handler(c->name, conf, c->config_path, c->daemonize);
 		if (!handler) {
@@ -1085,9 +1085,9 @@ static bool do_lxcapi_start(struct lxc_container *c, int useinit, char * const a
 		ret = lxc_start(c->name, argv, handler, c->config_path,
 				c->daemonize, &c->error_num);
 
-	if (conf->reboot == 1) {
+	if (conf->reboot == REBOOT_REQ) {
 		INFO("Container requested reboot");
-		conf->reboot = 2;
+		conf->reboot = REBOOT_INIT;
 		goto reboot;
 	}
 
diff --git a/src/lxc/start.c b/src/lxc/start.c
index 7ec151e1c..a8cd82771 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -646,7 +646,7 @@ void lxc_free_handler(struct lxc_handler *handler)
 
 	lxc_put_nsfds(handler);
 
-	if (handler->conf && handler->conf->reboot == 0)
+	if (handler->conf && handler->conf->reboot == REBOOT_NONE)
 		if (handler->conf->maincmd_fd >= 0)
 			close(handler->conf->maincmd_fd);
 
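Review bot: In `lxc_free_handler`, `handler->conf->maincmd_fd` is closed, but the visible lines do not reset it afterwards. The `conf` object is passed in by the caller and presumably outlives the handler, so it would keep a stale descriptor number. If a later path reaches this function again with `reboot == REBOOT_NONE`, the second `close()` could hit an unrelated descriptor that has reused the number. Consider one braced `if` containing `close(handler->conf->maincmd_fd); handler->conf->maincmd_fd = -EBADF;`, matching the `-EBADF` convention used for `handler->sigfd`. The function body continues outside this hunk, so confirm nothing further down already resets the field.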
@@ -684,7 +684,7 @@ struct lxc_handler *lxc_init_handler(const char *name, struct lxc_conf *conf,
 	handler->sigfd = -EBADF;
 	handler->init_died = false;
 	handler->state_socket_pair[0] = handler->state_socket_pair[1] = -1;
-	if (handler->conf->reboot == 0)
+	if (handler->conf->reboot == REBOOT_NONE)
 		lxc_list_init(&handler->conf->state_clients);
 
 	for (i = 0; i < LXC_NS_MAX; i++)
@@ -692,7 +692,7 @@ struct lxc_handler *lxc_init_handler(const char *name, struct lxc_conf *conf,
 
 	handler->name = name;
 
-	if (daemonize && !handler->conf->reboot) {
+	if (daemonize && handler->conf->reboot == REBOOT_NONE) {
 		/* Create socketpair() to synchronize on daemonized startup.
 		 * When the container reboots we don't need to synchronize
 		 * again currently so don't open another socketpair().
@@ -708,7 +708,7 @@ struct lxc_handler *lxc_init_handler(const char *name, struct lxc_conf *conf,
 		      handler->state_socket_pair[1]);
 	}
 
-	if (handler->conf->reboot == 0) {
+	if (handler->conf->reboot == REBOOT_NONE) {
 		handler->conf->maincmd_fd = lxc_cmd_init(name, lxcpath, "command");
 		if (handler->conf->maincmd_fd < 0) {
 			ERROR("Failed to set up command socket");
@@ -918,14 +918,14 @@ void lxc_fini(const char *name, struct lxc_handler *handler)
 	}
 	namespaces[namespace_count] = NULL;
 
-	if (handler->conf->reboot) {
+	if (handler->conf->reboot > REBOOT_NONE) {
 		ret = setenv("LXC_TARGET", "reboot", 1);
 		if (ret < 0)
 			SYSERROR("Failed to set environment variable: "
 				 "LXC_TARGET=reboot");
 	}
 
-	if (!handler->conf->reboot) {
+	if (handler->conf->reboot == REBOOT_NONE) {
 		ret = setenv("LXC_TARGET", "stop", 1);
 		if (ret < 0)
 			SYSERROR("Failed to set environment variable: "
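Review bot: The two `LXC_TARGET` branches in `lxc_fini` are independent tests, `reboot > REBOOT_NONE` and `reboot == REBOOT_NONE`, and they are complementary only while `reboot` can never be negative. The old `if (reboot)` / `if (!reboot)` pair had no such gap; the field's type is not visible in this diff. A single `if (handler->conf->reboot != REBOOT_NONE) { ... } else { ... }` would guarantee the hooks always see exactly one value of `LXC_TARGET`. The same ordered comparison appears in the post-stop failure path and in the state-client loop further down in this function. The second branch is cut off at the end of this hunk.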
@@ -945,7 +945,7 @@ void lxc_fini(const char *name, struct lxc_handler *handler)
 	cgroup_ops->destroy(cgroup_ops, handler);
 	cgroup_exit(cgroup_ops);
 
-	if (handler->conf->reboot == 0) {
+	if (handler->conf->reboot == REBOOT_NONE) {
 		/* For all new state clients simply close the command socket.
 		 * This will inform all state clients that the container is
 		 * STOPPED and also prevents a race between a open()/close() on
@@ -973,9 +973,9 @@ void lxc_fini(const char *name, struct lxc_handler *handler)
 	ret = run_lxc_hooks(name, "post-stop", handler->conf, NULL);
 	if (ret < 0) {
 		ERROR("Failed to run lxc.hook.post-stop for container \"%s\"", name);
-		if (handler->conf->reboot) {
+		if (handler->conf->reboot > REBOOT_NONE) {
 			WARN("Container will be stopped instead of rebooted");
-			handler->conf->reboot = 0;
+			handler->conf->reboot = REBOOT_NONE;
 
 			ret = setenv("LXC_TARGET", "stop", 1);
 			if (ret < 0)
@@ -999,7 +999,8 @@ void lxc_fini(const char *name, struct lxc_handler *handler)
 		struct lxc_state_client *client = cur->elem;
 
 		/* Keep state clients that want to be notified about reboots. */
-		if ((handler->conf->reboot > 0) && (client->states[RUNNING] == 2))
+		if ((handler->conf->reboot > REBOOT_NONE) &&
+		    (client->states[RUNNING] == 2))
 			continue;
 
 		/* close state client socket */
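Review bot: `client->states[RUNNING] == 2` is left as a bare literal in the same condition that now uses `REBOOT_NONE`, so the reader still has to know what `2` means for a state client. A named constant or a short comment such as `/* 2: client asked to be kept across reboots */` would finish the cleanup. That meaning is inferred from the comment above the test, so confirm it against the code that fills in `states[]`. The loop starts and ends outside this hunk.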
@@ -1009,7 +1010,7 @@ void lxc_fini(const char *name, struct lxc_handler *handler)
 		free(cur);
 	}
 
-	if (handler->conf->ephemeral == 1 && handler->conf->reboot != 1)
+	if (handler->conf->ephemeral == 1 && handler->conf->reboot != REBOOT_REQ)
 		lxc_destroy_container_on_signal(handler, name);
 
 	lxc_free_handler(handler);
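Review bot: The ephemeral-destroy test uses `reboot != REBOOT_REQ`, while every other reboot check in `lxc_fini` uses `> REBOOT_NONE` or `== REBOOT_NONE`. A handler arriving here with `REBOOT_INIT` is therefore treated as rebooting by the earlier checks (LXC_TARGET=reboot, state clients kept) but still has its ephemeral container destroyed. That state looks reachable if a restart fails before `__lxc_start` resets the field, though the path is not visible in this diff. If the asymmetry is intended, say so with a comment such as `/* REBOOT_INIT here means the restart failed: clean up */`; otherwise `handler->conf->reboot == REBOOT_NONE` would match the rest of the function.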
@@ -1892,7 +1893,7 @@ int __lxc_start(const char *name, struct lxc_handler *handler,
 	close(handler->data_sock[1]);
 	handler->data_sock[1] = -1;
 
-	handler->conf->reboot = 0;
+	handler->conf->reboot = REBOOT_NONE;
 
 	ret = lxc_poll(name, handler);
 	if (ret) {
@@ -1915,7 +1916,7 @@ int __lxc_start(const char *name, struct lxc_handler *handler,
 			break;
 		case SIGHUP: /* reboot */
 			DEBUG("Container \"%s\" is rebooting", name);
-			handler->conf->reboot = 1;
+			handler->conf->reboot = REBOOT_REQ;
 			break;
 		case SIGSYS: /* seccomp */
 			DEBUG("Container \"%s\" violated its seccomp policy", name);
diff --git a/src/lxc/state.h b/src/lxc/state.h
index f34efd992..dc5b34af3 100644
--- a/src/lxc/state.h
+++ b/src/lxc/state.h
@@ -35,6 +35,12 @@ typedef enum {
 	MAX_STATE,
 } lxc_state_t;
 
+enum {
+	REBOOT_NONE,
+	REBOOT_REQ,
+	REBOOT_INIT
+};
+
 extern lxc_state_t lxc_getstate(const char *name, const char *lxcpath);
 
 extern lxc_state_t lxc_str2state(const char *state);
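Review bot: The new enum is anonymous and undocumented, yet the call sites depend on properties it does not state. `lxc_fini` relies on ordering with `reboot > REBOOT_NONE`, and a freshly zeroed `lxc_conf` presumably has to read as "no reboot". Pinning the first value and documenting each state would make that explicit: `REBOOT_NONE = 0, /* no reboot pending */`, `REBOOT_REQ, /* container requested a reboot (SIGHUP) */`, `REBOOT_INIT /* handler is being re-initialized for the reboot */`. The meanings are taken from the SIGHUP case in `__lxc_start` and the `reboot:` label in `do_lxcapi_start`.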

From 5173b71073dbb6b3290f969fab5ccd7a304d3c4f Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 29 May 2018 00:52:37 +0200
Subject: [PATCH 2/4] conf: make root idmap structs const

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/conf.c | 5 +++--
 src/lxc/conf.h | 4 ++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 76cb255d6..2c6efe71f 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1499,7 +1499,7 @@ static int setup_pivot_root(const struct lxc_rootfs *rootfs)
 	return 0;
 }
 
-static struct id_map *find_mapped_nsid_entry(struct lxc_conf *conf, unsigned id,
+static const struct id_map *find_mapped_nsid_entry(struct lxc_conf *conf, unsigned id,
 					     enum idtype idtype)
 {
 	struct lxc_list *it;
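Review bot: `find_mapped_nsid_entry` now returns `const struct id_map *` but still takes a mutable `struct lxc_conf *conf`. If the body only walks the idmap list, `const struct lxc_conf *conf` would complete the read-only contract. The continuation line `enum idtype idtype)` is also still aligned to the old, shorter signature. A one-line comment saying that the returned entry is presumably owned by the conf's idmap list and must not be freed or modified would match the "Do not free!" notes in conf.h. The function body lies outside this hunk.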
@@ -3965,7 +3965,8 @@ static int run_userns_fn(void *data)
 static struct id_map *mapped_nsid_add(struct lxc_conf *conf, unsigned id,
 				      enum idtype idtype)
 {
-	struct id_map *map, *retmap;
+	const struct id_map *map;
+	struct id_map *retmap;
 
 	map = find_mapped_nsid_entry(conf, id, idtype);
 	if (!map)
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index e8fb4d0ec..e28f54b85 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -233,13 +233,13 @@ struct lxc_conf {
 		 * Pointer to the idmap entry for the container's root uid in
 		 * the id_map list. Do not free!
 		 */
-		struct id_map *root_nsuid_map;
+		const struct id_map *root_nsuid_map;
 
 		/*
 		 * Pointer to the idmap entry for the container's root gid in
 		 * the id_map list. Do not free!
 		 */
-		struct id_map *root_nsgid_map;
+		const struct id_map *root_nsgid_map;
 	};
 
 	struct lxc_list network;

From 7a0bcca3105ca9c9987d5572bf72f02e35a28bcb Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 29 May 2018 00:54:16 +0200
Subject: [PATCH 3/4] conf: make tmp_umount_proc bool

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/conf.c | 10 +++++-----
 src/lxc/conf.h |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 2c6efe71f..dcbee2868 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2676,7 +2676,7 @@ struct lxc_conf *lxc_conf_init(void)
 	lxc_list_init(&new->state_clients);
 	new->lsm_aa_profile = NULL;
 	new->lsm_se_context = NULL;
-	new->tmp_umount_proc = 0;
+	new->tmp_umount_proc = false;
 
 	/* if running in a new user namespace, init and COMMAND
 	 * default to running as UID/GID 0 when using lxc-execute */
@@ -3158,7 +3158,7 @@ int lxc_create_tmp_proc_mount(struct lxc_conf *conf)
 		if (conf->rootfs.path)
 			return -1;
 	} else if (mounted == 1) {
-		conf->tmp_umount_proc = 1;
+		conf->tmp_umount_proc = true;
 	}
 
 	return 0;
@@ -3166,11 +3166,11 @@ int lxc_create_tmp_proc_mount(struct lxc_conf *conf)
 
 void tmp_proc_unmount(struct lxc_conf *lxc_conf)
 {
-	if (lxc_conf->tmp_umount_proc != 1)
+	if (!lxc_conf->tmp_umount_proc)
 		return;
 
-	umount("/proc");
-	lxc_conf->tmp_umount_proc = 0;
+	(void)umount2("/proc", MNT_DETACH);
+	lxc_conf->tmp_umount_proc = false;
 }
 
 /* Walk /proc/mounts and change any shared entries to slave. */
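Review bot: `tmp_proc_unmount` now discards the result of `umount2("/proc", MNT_DETACH)` and clears `tmp_umount_proc` regardless, so a failed unmount of the temporary /proc leaves no trace in the log. The switch from `umount()` to a lazy detach is also a behaviour change that the subject "make tmp_umount_proc bool" does not mention. Keeping the call best-effort is reasonable, but the failure can still be logged with `if (umount2("/proc", MNT_DETACH) < 0)` followed by `SYSERROR("Failed to unmount temporary procfs");`, assuming the logging macro used in start.c is available in conf.c. With `MNT_DETACH` a busy mount stays alive until its last user goes away, which deserves a short comment at the call.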
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index e28f54b85..1565cdef9 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -271,7 +271,7 @@ struct lxc_conf {
 	char *lsm_aa_profile;
 	unsigned int lsm_aa_allow_incomplete;
 	char *lsm_se_context;
-	int tmp_umount_proc;
+	bool tmp_umount_proc;
 	char *seccomp;  /* filename with the seccomp rules */
 #if HAVE_SCMP_FILTER_CTX
 	scmp_filter_ctx seccomp_ctx;

From 32fd6cf390e04ebc43ca94d6df8ca99ce4cd2ecd Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 29 May 2018 00:57:13 +0200
Subject: [PATCH 4/4] conf: non-functional changes

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/conf.h | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index 1565cdef9..ea3a71dfb 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -260,7 +260,10 @@ struct lxc_conf {
 	/* maximum pty devices allowed by devpts mount */
 	size_t pty_max;
 
+	/* set to true when rootfs has been setup */
+	bool rootfs_setup;
 	struct lxc_rootfs rootfs;
+
 	bool close_all_fds;
 
 	struct {
@@ -301,9 +304,6 @@ struct lxc_conf {
 	/* unshare the mount namespace in the monitor */
 	unsigned int monitor_unshare;
 
-	/* set to true when rootfs has been setup */
-	bool rootfs_setup;
-
 	/* list of included files */
 	struct lxc_list includes;
 	/* config entries which are not "lxc.*" are aliens */
@@ -315,7 +315,8 @@ struct lxc_conf {
 
 	/* text representation of the config file */
 	char *unexpanded_config;
-	size_t unexpanded_len, unexpanded_alloced;
+	size_t unexpanded_len;
+	size_t unexpanded_alloced;
 
 	/* default command for lxc-execute */
 	char *execute_cmd;

