[pve-devel] [PATCH lxc] added stop hook patches
Wolfgang Bumiller
w.bumiller at proxmox.com
Thu Sep 24 10:24:06 CEST 2015
---
...1-start.c-preserve_ns-added-pid-parameter.patch | 53 +++++++++++++++
.../0002-preserve-container-namespace.patch | 79 ++++++++++++++++++++++
debian/patches/0003-added-stop-hook-entries.patch | 70 +++++++++++++++++++
...-hook-between-STOPPING-and-STOPPED-states.patch | 25 +++++++
...5-pass-namespace-handles-to-the-stop-hook.patch | 50 ++++++++++++++
debian/patches/series | 5 ++
6 files changed, 282 insertions(+)
create mode 100644 debian/patches/0001-start.c-preserve_ns-added-pid-parameter.patch
create mode 100644 debian/patches/0002-preserve-container-namespace.patch
create mode 100644 debian/patches/0003-added-stop-hook-entries.patch
create mode 100644 debian/patches/0004-run-stop-hook-between-STOPPING-and-STOPPED-states.patch
create mode 100644 debian/patches/0005-pass-namespace-handles-to-the-stop-hook.patch
diff --git a/debian/patches/0001-start.c-preserve_ns-added-pid-parameter.patch b/debian/patches/0001-start.c-preserve_ns-added-pid-parameter.patch
new file mode 100644
index 0000000..88997c8
--- /dev/null
+++ b/debian/patches/0001-start.c-preserve_ns-added-pid-parameter.patch
@@ -0,0 +1,53 @@
+From ae6dc5526f1f60acf3471de993f7d1070fd82fa1 Mon Sep 17 00:00:00 2001
+From: Wolfgang Bumiller <w.bumiller at proxmox.com>
+Date: Wed, 23 Sep 2015 10:23:05 +0200
+Subject: [PATCH 1/5] start.c:preserve_ns: added pid parameter
+
+---
+ src/lxc/start.c | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/src/lxc/start.c b/src/lxc/start.c
+index 0601333..1a7d5a3 100644
+--- a/src/lxc/start.c
++++ b/src/lxc/start.c
+@@ -124,14 +124,15 @@ static void close_ns(int ns_fd[LXC_NS_MAX]) {
+ }
+ }
+
+-static int preserve_ns(int ns_fd[LXC_NS_MAX], int clone_flags) {
++static int preserve_ns(int ns_fd[LXC_NS_MAX], int clone_flags, pid_t pid) {
+ int i, saved_errno;
+ char path[MAXPATHLEN];
+
+ for (i = 0; i < LXC_NS_MAX; i++)
+ ns_fd[i] = -1;
+
+- if (access("/proc/self/ns", X_OK)) {
++ snprintf(path, MAXPATHLEN, "/proc/%d/ns", pid);
++ if (access(path, X_OK)) {
+ WARN("Kernel does not support attach; preserve_ns ignored");
+ return 0;
+ }
+@@ -139,7 +140,8 @@ static int preserve_ns(int ns_fd[LXC_NS_MAX], int clone_flags) {
+ for (i = 0; i < LXC_NS_MAX; i++) {
+ if ((clone_flags & ns_info[i].clone_flag) == 0)
+ continue;
+- snprintf(path, MAXPATHLEN, "/proc/self/ns/%s", ns_info[i].proc_name);
++ snprintf(path, MAXPATHLEN, "/proc/%d/ns/%s", pid,
++ ns_info[i].proc_name);
+ ns_fd[i] = open(path, O_RDONLY | O_CLOEXEC);
+ if (ns_fd[i] < 0)
+ goto error;
+@@ -973,7 +975,7 @@ static int lxc_spawn(struct lxc_handler *handler)
+ INFO("failed to pin the container's rootfs");
+ }
+
+- if (preserve_ns(saved_ns_fd, preserve_mask) < 0)
++ if (preserve_ns(saved_ns_fd, preserve_mask, getpid()) < 0)
+ goto out_delete_net;
+ if (attach_ns(handler->conf->inherit_ns_fd) < 0)
+ goto out_delete_net;
+--
+2.1.4
+
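Review bot: In preserve_ns(), a failed access() on the new `/proc/<pid>/ns` path still logs "Kernel does not support attach" and returns 0, although the check can now also fail because the target process has exited or is not accessible to the caller. The caller then continues with every `ns_fd[i]` left at -1 and no error reported. Consider keeping the kernel-support probe on `/proc/self/ns` and treating a failure on the pid-specific path as a real error, for example `if (access(path, X_OK)) { SYSERROR("failed to access %s", path); return -1; }`. The `error` label and the rest of the function lie outside this hunk.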
diff --git a/debian/patches/0002-preserve-container-namespace.patch b/debian/patches/0002-preserve-container-namespace.patch
new file mode 100644
index 0000000..090fb14
--- /dev/null
+++ b/debian/patches/0002-preserve-container-namespace.patch
@@ -0,0 +1,79 @@
+From a5d8c53c0ffc09dccb03a5be6b28d6bdedf74ee0 Mon Sep 17 00:00:00 2001
+From: Wolfgang Bumiller <w.bumiller at proxmox.com>
+Date: Wed, 23 Sep 2015 10:30:14 +0200
+Subject: [PATCH 2/5] preserve container namespace
+
+---
+ src/lxc/start.c | 18 ++++++++++++++++++
+ src/lxc/start.h | 1 +
+ 2 files changed, 19 insertions(+)
+
+diff --git a/src/lxc/start.c b/src/lxc/start.c
+index 1a7d5a3..87fc32f 100644
+--- a/src/lxc/start.c
++++ b/src/lxc/start.c
+@@ -379,6 +379,7 @@ out_sigfd:
+
+ struct lxc_handler *lxc_init(const char *name, struct lxc_conf *conf, const char *lxcpath)
+ {
++ int i;
+ struct lxc_handler *handler;
+
+ handler = malloc(sizeof(*handler));
+@@ -392,6 +393,9 @@ struct lxc_handler *lxc_init(const char *name, struct lxc_conf *conf, const char
+ handler->lxcpath = lxcpath;
+ handler->pinfd = -1;
+
++ for (i = 0; i < LXC_NS_MAX; i++)
++ handler->nsfd[i] = -1;
++
+ lsm_init();
+
+ handler->name = strdup(name);
+@@ -482,10 +486,19 @@ out_free:
+
+ void lxc_fini(const char *name, struct lxc_handler *handler)
+ {
++ int i;
++
+ /* The STOPPING state is there for future cleanup code
+ * which can take awhile
+ */
+ lxc_set_state(name, handler, STOPPING);
++
++ for (i = 0; i < LXC_NS_MAX; i++) {
++ if (handler->nsfd[i] != -1) {
++ close(handler->nsfd[i]);
++ handler->nsfd[i] = -1;
++ }
++ }
+ lxc_set_state(name, handler, STOPPED);
+
+ if (run_lxc_hooks(name, "post-stop", handler->conf, handler->lxcpath, NULL))
+@@ -996,6 +1009,11 @@ static int lxc_spawn(struct lxc_handler *handler)
+ goto out_delete_net;
+ }
+
++ if (preserve_ns(handler->nsfd, handler->clone_flags, handler->pid) < 0) {
++ ERROR("failed to store namespace references");
++ goto out_delete_net;
++ }
++
+ if (attach_ns(saved_ns_fd))
+ WARN("failed to restore saved namespaces");
+
+diff --git a/src/lxc/start.h b/src/lxc/start.h
+index f1a41f5..86b19a2 100644
+--- a/src/lxc/start.h
++++ b/src/lxc/start.h
+@@ -75,6 +75,7 @@ struct lxc_handler {
+ void *cgroup_data;
+ int ttysock[2]; // socketpair for child->parent tty fd passing
+ bool backgrounded; // indicates whether should we close std{in,out,err} on start
++ int nsfd[LXC_NS_MAX];
+ };
+
+
+--
+2.1.4
+
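Review bot: The new `nsfd` member of struct lxc_handler has no comment, unlike the neighbouring `ttysock` and `backgrounded` fields, and its lifetime is not obvious from the declaration. These descriptors keep the container's namespaces alive after its processes have exited, until the loop added to lxc_fini() closes them, so the declaration should say so: `int nsfd[LXC_NS_MAX]; // namespace fds of the container's init; -1 if unset, closed in lxc_fini()`. Also note that preserve_ns() returns 0 with every entry at -1 when its access() check fails, so the "failed to store namespace references" branch in lxc_spawn() does not cover that case.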
diff --git a/debian/patches/0003-added-stop-hook-entries.patch b/debian/patches/0003-added-stop-hook-entries.patch
new file mode 100644
index 0000000..896a009
--- /dev/null
+++ b/debian/patches/0003-added-stop-hook-entries.patch
@@ -0,0 +1,70 @@
+From 3d44aec81ff227b976aa118f41a91a8b597f7adf Mon Sep 17 00:00:00 2001
+From: Wolfgang Bumiller <w.bumiller at proxmox.com>
+Date: Wed, 23 Sep 2015 10:13:30 +0200
+Subject: [PATCH 3/5] added stop-hook entries
+
+---
+ src/lxc/conf.c | 4 +++-
+ src/lxc/conf.h | 2 +-
+ src/lxc/confile.c | 3 +++
+ 3 files changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/lxc/conf.c b/src/lxc/conf.c
+index 0913b22..f81efcd 100644
+--- a/src/lxc/conf.c
++++ b/src/lxc/conf.c
+@@ -163,7 +163,7 @@ return -1;
+ #endif
+
+ char *lxchook_names[NUM_LXC_HOOKS] = {
+- "pre-start", "pre-mount", "mount", "autodev", "start", "post-stop", "clone" };
++ "pre-start", "pre-mount", "mount", "autodev", "start", "stop", "post-stop", "clone" };
+
+ typedef int (*instantiate_cb)(struct lxc_handler *, struct lxc_netdev *);
+
+@@ -3878,6 +3878,8 @@ int run_lxc_hooks(const char *name, char *hook, struct lxc_conf *conf,
+ which = LXCHOOK_AUTODEV;
+ else if (strcmp(hook, "start") == 0)
+ which = LXCHOOK_START;
++ else if (strcmp(hook, "stop") == 0)
++ which = LXCHOOK_STOP;
+ else if (strcmp(hook, "post-stop") == 0)
+ which = LXCHOOK_POSTSTOP;
+ else if (strcmp(hook, "clone") == 0)
+diff --git a/src/lxc/conf.h b/src/lxc/conf.h
+index 5aebd91..1374d4a 100644
+--- a/src/lxc/conf.h
++++ b/src/lxc/conf.h
+@@ -279,7 +279,7 @@ enum {
+ */
+ enum lxchooks {
+ LXCHOOK_PRESTART, LXCHOOK_PREMOUNT, LXCHOOK_MOUNT, LXCHOOK_AUTODEV,
+- LXCHOOK_START, LXCHOOK_POSTSTOP, LXCHOOK_CLONE, NUM_LXC_HOOKS};
++ LXCHOOK_START, LXCHOOK_STOP, LXCHOOK_POSTSTOP, LXCHOOK_CLONE, NUM_LXC_HOOKS};
+ extern char *lxchook_names[NUM_LXC_HOOKS];
+
+ struct saved_nic {
+diff --git a/src/lxc/confile.c b/src/lxc/confile.c
+index 670d957..f7d6814 100644
+--- a/src/lxc/confile.c
++++ b/src/lxc/confile.c
+@@ -137,6 +137,7 @@ static struct lxc_config_t config[] = {
+ { "lxc.hook.mount", config_hook },
+ { "lxc.hook.autodev", config_hook },
+ { "lxc.hook.start", config_hook },
++ { "lxc.hook.stop", config_hook },
+ { "lxc.hook.post-stop", config_hook },
+ { "lxc.hook.clone", config_hook },
+ { "lxc.hook", config_hook },
+@@ -1085,6 +1086,8 @@ static int config_hook(const char *key, const char *value,
+ return add_hook(lxc_conf, LXCHOOK_MOUNT, copy);
+ else if (strcmp(key, "lxc.hook.start") == 0)
+ return add_hook(lxc_conf, LXCHOOK_START, copy);
++ else if (strcmp(key, "lxc.hook.stop") == 0)
++ return add_hook(lxc_conf, LXCHOOK_STOP, copy);
+ else if (strcmp(key, "lxc.hook.post-stop") == 0)
+ return add_hook(lxc_conf, LXCHOOK_POSTSTOP, copy);
+ else if (strcmp(key, "lxc.hook.clone") == 0)
+--
+2.1.4
+
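Review bot: `lxchook_names` in conf.c and `enum lxchooks` in conf.h are paired only by position, and this change inserts "stop" / LXCHOOK_STOP in the middle of both, which renumbers LXCHOOK_POSTSTOP and LXCHOOK_CLONE. Designated initializers would make the pairing explicit, so that a future mismatch shows up as a NULL entry rather than a silently shifted name: `[LXCHOOK_STOP] = "stop", [LXCHOOK_POSTSTOP] = "post-stop",` and likewise for the other entries. If the numeric hook values are stored or exchanged anywhere outside these files, adding the new constant directly before NUM_LXC_HOOKS would avoid the renumbering; that cannot be judged from the hunk.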
diff --git a/debian/patches/0004-run-stop-hook-between-STOPPING-and-STOPPED-states.patch b/debian/patches/0004-run-stop-hook-between-STOPPING-and-STOPPED-states.patch
new file mode 100644
index 0000000..072daf8
--- /dev/null
+++ b/debian/patches/0004-run-stop-hook-between-STOPPING-and-STOPPED-states.patch
@@ -0,0 +1,25 @@
+From c7f3288702ab3d8a7ed7fb3a9c9ed1d9cd8b90f2 Mon Sep 17 00:00:00 2001
+From: Wolfgang Bumiller <w.bumiller at proxmox.com>
+Date: Wed, 23 Sep 2015 10:35:47 +0200
+Subject: [PATCH 4/5] run stop hook between STOPPING and STOPPED states
+
+---
+ src/lxc/start.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/lxc/start.c b/src/lxc/start.c
+index 87fc32f..a1eb961 100644
+--- a/src/lxc/start.c
++++ b/src/lxc/start.c
+@@ -493,6 +493,8 @@ void lxc_fini(const char *name, struct lxc_handler *handler)
+ */
+ lxc_set_state(name, handler, STOPPING);
+
++ if (run_lxc_hooks(name, "stop", handler->conf, handler->lxcpath, NULL))
++ ERROR("failed to run stop hooks for container '%s'.", name);
+ for (i = 0; i < LXC_NS_MAX; i++) {
+ if (handler->nsfd[i] != -1) {
+ close(handler->nsfd[i]);
+--
+2.1.4
+
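Review bot: The position of the new run_lxc_hooks() call in lxc_fini() matters but is not documented: it has to stay ahead of the loop that closes `handler->nsfd[]`, presumably so that a stop hook can still reach the container's namespaces. A comment such as `/* run the stop hook while the preserved namespace fds are still open */` above the call would guard against a later reordering. As far as the hunk shows the call is synchronous, so a stop hook that never returns would leave the container in STOPPING; whether run_lxc_hooks() applies any timeout is not visible here.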
diff --git a/debian/patches/0005-pass-namespace-handles-to-the-stop-hook.patch b/debian/patches/0005-pass-namespace-handles-to-the-stop-hook.patch
new file mode 100644
index 0000000..81857c7
--- /dev/null
+++ b/debian/patches/0005-pass-namespace-handles-to-the-stop-hook.patch
@@ -0,0 +1,50 @@
+From c1078bcf970c1fbbfd9681bc18b412a0710318bf Mon Sep 17 00:00:00 2001
+From: Wolfgang Bumiller <w.bumiller at proxmox.com>
+Date: Wed, 23 Sep 2015 11:33:48 +0200
+Subject: [PATCH 5/5] pass namespace handles to the stop hook
+
+---
+ src/lxc/start.c | 20 ++++++++++++++++++--
+ 1 file changed, 18 insertions(+), 2 deletions(-)
+
+diff --git a/src/lxc/start.c b/src/lxc/start.c
+index a1eb961..7a909de 100644
+--- a/src/lxc/start.c
++++ b/src/lxc/start.c
+@@ -486,15 +486,31 @@ out_free:
+
+ void lxc_fini(const char *name, struct lxc_handler *handler)
+ {
+- int i;
++ int i, rc;
++ pid_t self = getpid();
++ char **namespaces = (char**)malloc((LXC_NS_MAX+1) * sizeof(char*));
++ size_t namespace_count = 0;
+
+ /* The STOPPING state is there for future cleanup code
+ * which can take awhile
+ */
+ lxc_set_state(name, handler, STOPPING);
+
+- if (run_lxc_hooks(name, "stop", handler->conf, handler->lxcpath, NULL))
++ for (i = 0; i < LXC_NS_MAX; i++) {
++ if (handler->nsfd[i] != -1) {
++ rc = asprintf(&namespaces[namespace_count++], "%s:/proc/%d/fd/%d",
++ ns_info[i].proc_name, self, handler->nsfd[i]);
++ if (rc == -1) {
++ SYSERROR("failed to allocate memory");
++ break;
++ }
++ }
++ }
++ namespaces[namespace_count] = NULL;
++ if (run_lxc_hooks(name, "stop", handler->conf, handler->lxcpath, namespaces))
+ ERROR("failed to run stop hooks for container '%s'.", name);
++ while (namespace_count--)
++ free(namespaces[namespace_count]);
+ for (i = 0; i < LXC_NS_MAX; i++) {
+ if (handler->nsfd[i] != -1) {
+ close(handler->nsfd[i]);
+--
+2.1.4
+
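Review bot: The `namespaces` array built in lxc_fini() has three memory-handling defects. The malloc() result is never checked before `&namespaces[...]` and `namespaces[namespace_count] = NULL` use it, and the array itself is never freed, because the cleanup loop frees only its elements. On asprintf() failure `namespace_count` has already been incremented, so a slot with indeterminate contents is passed to run_lxc_hooks() and then to free(). A fixed-size local array removes the allocation and the leak, and incrementing the count only after a successful asprintf() keeps the failed slot out of the list. The rest of lxc_fini() continues outside the hunk.

```c
void lxc_fini(const char *name, struct lxc_handler *handler)
{
	/* … unchanged: i, rc and self declarations … */
	char *namespaces[LXC_NS_MAX + 1];
	size_t namespace_count = 0;

	/* … unchanged: lxc_set_state(name, handler, STOPPING) … */

	for (i = 0; i < LXC_NS_MAX; i++) {
		if (handler->nsfd[i] == -1)
			continue;
		rc = asprintf(&namespaces[namespace_count], "%s:/proc/%d/fd/%d",
			      ns_info[i].proc_name, self, handler->nsfd[i]);
		if (rc == -1) {
			SYSERROR("failed to allocate memory");
			break;
		}
		/* count the slot only once it holds a valid string */
		namespace_count++;
	}
	namespaces[namespace_count] = NULL;
	/* … unchanged: run_lxc_hooks "stop" call, element free loop, nsfd close loop … */
```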
diff --git a/debian/patches/series b/debian/patches/series
index 3737812..8ba43ef 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,8 @@ include-linux-sched.patch
use-var-lib-vz-as-default-dir.patch
#do-not-use-config-path-for-rootfs.patch
run-lxcnetaddbr.patch
+0001-start.c-preserve_ns-added-pid-parameter.patch
+0002-preserve-container-namespace.patch
+0003-added-stop-hook-entries.patch
+0004-run-stop-hook-between-STOPPING-and-STOPPED-states.patch
+0005-pass-namespace-handles-to-the-stop-hook.patch
--
2.1.4