[Libvir] [RFC] 3 of 4 Linux Container support

Dave Leskovec dlesko at linux.vnet.ibm.com
Thu Mar 20 21:43:28 UTC 2008


Daniel Veillard wrote:
> On Wed, Mar 19, 2008 at 11:14:59PM -0700, Dave Leskovec wrote:
>> This patch adds the lxc_driver source files.
[...]
>> +static virDrvOpenStatus lxcOpen(virConnectPtr conn,
>> +                                xmlURIPtr uri,
>> +                                virConnectAuthPtr auth ATTRIBUTE_UNUSED,
>> +                                int flags ATTRIBUTE_UNUSED)
>> +{
>> +    uid_t uid = getuid();
>> +
>> +    /* Check that the user is root */
>> +    if (0 != uid) {
>> +        goto declineConnection;
>> +    }
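
Review bot: the root check at the top of lxcOpen reads the real uid with getuid(), but the privileges the process actually holds follow the effective uid, so a setuid or privilege-dropping caller can be accepted or declined incorrectly. Use geteuid() in `uid_t uid = getuid();`. If the restriction is later relaxed through file capabilities, replace the uid comparison with a check for the specific capability needed instead of keeping a uid test alongside it. The comment should also say why root is required, not only that it is checked.
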
> 
>  so it's restricted to root, it's probably fine, as we can go through the
> daemon for normal users, assuming they get authenticated.

Yes it's restricted to root.  That could be removed if file capabilities were
set appropriately.  I'll look into how feasible that would be.

> 
> [...]
>> +static int lxcListDomains(virConnectPtr conn, int *ids, int nids)
>> +{
>> +    lxc_driver_t *driver = (lxc_driver_t *)conn->privateData;
>> +    lxc_vm_t *vm;
>> +    int numDoms = 0;
>> +
>> +    for (vm = driver->vms; vm && (numDoms < nids); vm = vm->next) {
>> +        if (lxcIsActiveVM(vm)) {
>> +            ids[numDoms] = vm->def->id;
>> +            numDoms++;
>> +        }
>> +    }
>> +
>> +    return numDoms;
>> +}
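
Review bot: lxcListDomains stores into `ids[numDoms]` without checking that ids is non-NULL, so a caller passing a NULL array with a positive nids faults inside the loop. A zero or negative nids is already covered by the `numDoms < nids` condition. Suggest returning -1 early when ids is NULL, and adding a short comment that the result is truncated at nids entries when more containers are active, since the return value alone does not tell the caller that happened.
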
> 
>   so we can only list domains created by this libvirt instance, right ?
> Or I'm missing something, I assume virsh list works but I don't see how.

Well, yes and no.  The list of vms is local to the process however all container
configs are stored to file when they're created.  So, a later instance of
libvirt (later being after a container is created) will pick up the config file
and know about that container.  However, if 2 instances of libvirt are running
and one creates a container, the other won't know about it until it's restarted
or reconnected.  This and a few related issues have been sticking in the back of
my mind for a little while.  I'm wondering if the solution isn't to have the lxc
driver under libvirtd.  That or load and unload the list of vms around every
operation.

> 
> Except this bit I don't understand this looks fine to me
> 
>> Index: b/src/lxc_driver.h
> 
>   Looks fine, 
> 
>     thanks !
> 
> Daniel
> 

-- 
Best Regards,
Dave Leskovec
IBM Linux Technology Center
Open Virtualization



