[lxc-devel] [lxc/master] api_extensions: introduce lxc_has_api_extension() and introduce lxc.cgroup.relative
brauner on Github
lxc-bot at linuxcontainers.org
Fri Sep 21 09:01:55 UTC 2018
From 0d43b3237c8f46e3a4cbeff0faff984674cec6c4 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Fri, 21 Sep 2018 10:28:34 +0200
Subject: [PATCH 1/2] api_extensions: introduce lxc_has_api_extension()
This is modeled after LXD's API extension checks. It allows API users
to query whether the LXC instance they are using supports a given API
extension.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
doc/api-extensions.md | 34 ++++++++++++++++++++++++++++++++++
src/lxc/Makefile.am | 4 +++-
src/lxc/lxccontainer.c | 14 ++++++++++++++
src/lxc/lxccontainer.h | 7 +++++++
4 files changed, 58 insertions(+), 1 deletion(-)
create mode 100644 doc/api-extensions.md
diff --git a/doc/api-extensions.md b/doc/api-extensions.md
new file mode 100644
index 000000000..f071237e0
--- /dev/null
+++ b/doc/api-extensions.md
@@ -0,0 +1,34 @@
+# API extensions
+
+The changes below were introduced to the LXC API after the 3.0 API was finalized.
+
+They are all backward compatible and can be detected by client tools by
+called the `lxc_has_api_extension` function.
+
+## lxc\_log
+
+This introduces a way to initialize a logging instance from the API for a given
+container.
+
+## lxc\_config\_item\_is\_supported
+
+This introduces the `lxc_config_item_is_supported` function. It allows users to
+check whether their LXC instance supports a given configuration key.
+
+## console\_log
+
+This adds support to container's console log. The console log is implemented as
+an efficient ringbuffer.
+
+## reboot2
+
+This adds `reboot2()` as a new API extension. This function properly waits
+until a reboot succeeded. It takes a timeout argument. When set to `> 0`
+`reboot2()` will block until the timeout is reached, if timeout is set to zero
+`reboot2()` will not block, if set to -1 `reboot2()` will block indefinitly.
+
+## mount\_injection
+
+This adds support for injecting and removing mounts into/from a running
+containers. Two new API functions `mount()` and `umount()` are added. They
+mirror the current mount and umount API of the kernel.
diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am
index aa879500d..51c871eb6 100644
--- a/src/lxc/Makefile.am
+++ b/src/lxc/Makefile.am
@@ -2,7 +2,8 @@ pkginclude_HEADERS = attach_options.h \
lxccontainer.h \
version.h
-noinst_HEADERS = attach.h \
+noinst_HEADERS = api_extensions.h \
+ attach.h \
caps.h \
cgroups/cgroup.h \
cgroups/cgroup_utils.h \
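Review bot: `api_extensions.h` is added to `noinst_HEADERS` in this hunk, to `liblxc_la_SOURCES` in the next one, and is included from lxccontainer.c, but the diffstat lists only four files and none of them creates that header. Unless the file already exists in the tree or was dropped from the mail, the series does not build at this commit, and the `api_extensions` / `nr_api_extensions` symbols used by `lxc_has_api_extension()` are undefined. The header that defines the extension table should be part of this patch so reviewers can see which names the function will report as supported.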
@@ -85,6 +86,7 @@ endif
lib_LTLIBRARIES = liblxc.la
liblxc_la_SOURCES = af_unix.c af_unix.h \
+ api_extensions.h \
attach.c attach.h \
caps.c caps.h \
cgroups/cgfsng.c \
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index bdfe057cc..80cf73207 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -42,6 +42,7 @@
#include <unistd.h>
#include "af_unix.h"
+#include "api_extensions.h"
#include "attach.h"
#include "cgroup.h"
#include "commands.h"
@@ -5671,3 +5672,16 @@ bool lxc_config_item_is_supported(const char *key)
{
return !!lxc_get_config(key);
}
+
+bool lxc_has_api_extension(const char *extension)
+{
+ /* The NULL API extension is always present. :) */
+ if (!extension)
+ return true;
+
+ for (size_t i = 0; i < nr_api_extensions; i++)
+ if (strcmp(api_extensions[i], extension) == 0)
+ return true;
+
+ return false;
+}
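Review bot: `lxc_has_api_extension()` returns true for a NULL argument, so a caller whose extension name came from a failed lookup or allocation is told the feature is present. Callers may use this probe to decide whether a confinement-related key can be relied on, so failing closed is the safer default: `if (!extension) return false;`. If the "NULL extension is always present" convention is kept on purpose (it may mirror LXD's behaviour), it should be stated in the doc comment in lxccontainer.h so that nobody depends on it by accident.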
diff --git a/src/lxc/lxccontainer.h b/src/lxc/lxccontainer.h
index fdabbe474..459531076 100644
--- a/src/lxc/lxccontainer.h
+++ b/src/lxc/lxccontainer.h
@@ -1123,6 +1123,13 @@ void lxc_log_close(void);
*/
bool lxc_config_item_is_supported(const char *key);
+/*!
+ * \brief Check if an API extension is supported by this LXC instance.
+ *
+ * \param extension API extension to check for.
+ */
+bool lxc_has_api_extension(const char *extension);
+
#ifdef __cplusplus
}
#endif
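Review bot: The doc comment added for `lxc_has_api_extension()` has a `\brief` and a `\param` but no `\return`, so the public header does not say what the boolean means. I would add `\return \c true if the extension is supported, \c false otherwise.` and one sentence saying that matching is an exact, case-sensitive string comparison. The handling of a NULL `extension` should be stated here too, since it is part of the contract callers see.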
From c74e3405eeae569e63c8e83fa650100463482cc4 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Fri, 21 Sep 2018 10:41:38 +0200
Subject: [PATCH 2/2] confile: s/lxc.cgroup.keep/lxc.cgroup.relative/g
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
doc/api-extensions.md | 7 +++++++
src/lxc/confile.c | 20 +++++++++++---------
2 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/doc/api-extensions.md b/doc/api-extensions.md
index f071237e0..fba5943c7 100644
--- a/doc/api-extensions.md
+++ b/doc/api-extensions.md
@@ -32,3 +32,10 @@ until a reboot succeeded. It takes a timeout argument. When set to `> 0`
This adds support for injecting and removing mounts into/from a running
containers. Two new API functions `mount()` and `umount()` are added. They
mirror the current mount and umount API of the kernel.
+
+## cgroup\_relative
+
+This adds the new `lxc.cgroup.relative` config key. The key can be used to
+instruct LXC to never escape to the root cgroup. This makes it easy for users
+to adhere to restrictions enforced by `cgroup2` and systemd. Specifically, this
+makes it possible to run LXC containers as systemd services.
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index 21e2d4a7e..3e1941f94 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -92,7 +92,7 @@ lxc_config_define(cap_keep);
lxc_config_define(cgroup_controller);
lxc_config_define(cgroup2_controller);
lxc_config_define(cgroup_dir);
-lxc_config_define(cgroup_keep);
+lxc_config_define(cgroup_relative);
lxc_config_define(console_buffer_size);
lxc_config_define(console_logfile);
lxc_config_define(console_path);
@@ -169,7 +169,7 @@ static struct lxc_config_t config[] = {
{ "lxc.cap.keep", set_config_cap_keep, get_config_cap_keep, clr_config_cap_keep, },
{ "lxc.cgroup2", set_config_cgroup2_controller, get_config_cgroup2_controller, clr_config_cgroup2_controller, },
{ "lxc.cgroup.dir", set_config_cgroup_dir, get_config_cgroup_dir, clr_config_cgroup_dir, },
- { "lxc.cgroup.keep", set_config_cgroup_keep, get_config_cgroup_keep, clr_config_cgroup_keep, },
+ { "lxc.cgroup.relative", set_config_cgroup_relative, get_config_cgroup_relative, clr_config_cgroup_relative, },
{ "lxc.cgroup", set_config_cgroup_controller, get_config_cgroup_controller, clr_config_cgroup_controller, },
{ "lxc.console.buffer.size", set_config_console_buffer_size, get_config_console_buffer_size, clr_config_console_buffer_size, },
{ "lxc.console.logfile", set_config_console_logfile, get_config_console_logfile, clr_config_console_logfile, },
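Review bot: The `lxc.cgroup.keep` entry is replaced outright, with no alias or deprecation path, so a configuration that still uses the old key no longer reaches `set_config_cgroup_relative`. If key lookup is by prefix, as the placement of the specific `lxc.cgroup.*` entries ahead of the generic `lxc.cgroup` entry suggests, the old key may now be picked up by the controller handler instead of being rejected. The container would then start without the "never escape to the root cgroup" behaviour the user asked for. If `lxc.cgroup.keep` was ever in a release, keep it as a deprecated alias or reject it with an explicit error; if it was not, say so in the commit message. Separately, this patch documents a `cgroup_relative` extension, but its diffstat touches only the doc and confile.c, so nothing visible here adds that name to the table `lxc_has_api_extension()` searches.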
@@ -1399,14 +1399,14 @@ static int set_config_cgroup_dir(const char *key, const char *value,
return set_config_string_item(&lxc_conf->cgroup_meta.dir, value);
}
-static int set_config_cgroup_keep(const char *key, const char *value,
- struct lxc_conf *lxc_conf, void *data)
+static int set_config_cgroup_relative(const char *key, const char *value,
+ struct lxc_conf *lxc_conf, void *data)
{
unsigned int converted;
int ret;
if (lxc_config_value_empty(value))
- return clr_config_cgroup_keep(key, lxc_conf, NULL);
+ return clr_config_cgroup_relative(key, lxc_conf, NULL);
ret = lxc_safe_uint(value, &converted);
if (ret < 0)
@@ -3240,8 +3240,9 @@ static int get_config_cgroup_dir(const char *key, char *retv, int inlen,
return fulllen;
}
-static inline int get_config_cgroup_keep(const char *key, char *retv, int inlen,
- struct lxc_conf *lxc_conf, void *data)
+static inline int get_config_cgroup_relative(const char *key, char *retv,
+ int inlen, struct lxc_conf *lxc_conf,
+ void *data)
{
return lxc_get_conf_int(lxc_conf, retv, inlen,
lxc_conf->cgroup_meta.keep);
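Review bot: The accessor is now called `get_config_cgroup_relative`, but it still reads `lxc_conf->cgroup_meta.keep`, and the clear function in the last hunk still writes `lxc_conf->cgroup_meta.keep = false`. With the key, the function names and the documentation all saying "relative", the leftover field name makes it easy to misread which setting controls cgroup escaping. Rename the field to `relative` in the same commit (the struct definition is outside this diff), or add a one-line comment such as `/* cgroup_meta.keep backs lxc.cgroup.relative */` next to each use.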
@@ -3991,8 +3992,9 @@ static int clr_config_cgroup_dir(const char *key, struct lxc_conf *lxc_conf,
return 0;
}
-static inline int clr_config_cgroup_keep(const char *key,
- struct lxc_conf *lxc_conf, void *data)
+static inline int clr_config_cgroup_relative(const char *key,
+ struct lxc_conf *lxc_conf,
+ void *data)
{
lxc_conf->cgroup_meta.keep = false;
return 0;