/*
- * Copyright (C) 2010-2015 Red Hat, Inc.
+ * Copyright (C) 2010-2016 Red Hat, Inc.
* Copyright IBM Corp. 2008
*
* lxc_controller.c: linux container process controller
switch (ctrl->def->nets[i]->type) {
case VIR_DOMAIN_NET_TYPE_BRIDGE:
case VIR_DOMAIN_NET_TYPE_NETWORK:
+ case VIR_DOMAIN_NET_TYPE_ETHERNET:
if (ctrl->def->nets[i]->ifname == NULL)
continue;
if (virNetDevGetIndex(ctrl->def->nets[i]->ifname,
break;
case VIR_DOMAIN_NET_TYPE_USER:
- case VIR_DOMAIN_NET_TYPE_ETHERNET:
case VIR_DOMAIN_NET_TYPE_VHOSTUSER:
case VIR_DOMAIN_NET_TYPE_SERVER:
case VIR_DOMAIN_NET_TYPE_CLIENT:
/*
- * Copyright (C) 2010-2015 Red Hat, Inc.
+ * Copyright (C) 2010-2016 Red Hat, Inc.
* Copyright IBM Corp. 2008
*
* lxc_driver.c: linux container driver functions
goto cleanup;
}
+ if (virLXCProcessValidateInterface(net) < 0)
+ return -1;
+
/* preallocate new slot for device */
if (VIR_REALLOC_N(vm->def->nets, vm->def->nnets+1) < 0)
return -1;
_("No bridge name specified"));
goto cleanup;
}
- if (!(veth = virLXCProcessSetupInterfaceBridged(vm->def,
- net,
- brname)))
+ if (!(veth = virLXCProcessSetupInterfaceTap(vm->def, net, brname)))
goto cleanup;
} break;
+ case VIR_DOMAIN_NET_TYPE_ETHERNET:
+ if (!(veth = virLXCProcessSetupInterfaceTap(vm->def, net, NULL)))
+ goto cleanup;
+ break;
case VIR_DOMAIN_NET_TYPE_DIRECT: {
- if (!(veth = virLXCProcessSetupInterfaceDirect(conn,
- vm->def,
- net)))
+ if (!(veth = virLXCProcessSetupInterfaceDirect(conn, vm->def, net)))
goto cleanup;
} break;
default:
switch (actualType) {
case VIR_DOMAIN_NET_TYPE_BRIDGE:
case VIR_DOMAIN_NET_TYPE_NETWORK:
+ case VIR_DOMAIN_NET_TYPE_ETHERNET:
ignore_value(virNetDevVethDelete(veth));
break;
switch (actualType) {
case VIR_DOMAIN_NET_TYPE_BRIDGE:
case VIR_DOMAIN_NET_TYPE_NETWORK:
+ case VIR_DOMAIN_NET_TYPE_ETHERNET:
if (virNetDevVethDelete(detach->ifname) < 0) {
virDomainAuditNet(vm, detach, NULL, "detach", false);
goto cleanup;
net->mac = macAddr;
if (STREQ(type, "veth")) {
- if (!linkdev)
- goto error;
-
- net->type = VIR_DOMAIN_NET_TYPE_BRIDGE;
-
- if (VIR_STRDUP(net->data.bridge.brname, linkdev) < 0)
- goto error;
-
+ if (linkdev) {
+ net->type = VIR_DOMAIN_NET_TYPE_BRIDGE;
+ if (VIR_STRDUP(net->data.bridge.brname, linkdev) < 0)
+ goto error;
+ } else {
+ net->type = VIR_DOMAIN_NET_TYPE_ETHERNET;
+ }
} else if (STREQ(type, "macvlan")) {
net->type = VIR_DOMAIN_NET_TYPE_DIRECT;
}
-char *virLXCProcessSetupInterfaceBridged(virDomainDefPtr vm,
- virDomainNetDefPtr net,
- const char *brname)
+int
+virLXCProcessValidateInterface(virDomainNetDefPtr net)
+{
+ if (net->script) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("scripts are not supported on LXC network interfaces"));
+ return -1;
+ }
+ return 0;
+}
+
+
+char *
+virLXCProcessSetupInterfaceTap(virDomainDefPtr vm,
+ virDomainNetDefPtr net,
+ const char *brname)
{
char *ret = NULL;
char *parentVeth;
if (virNetDevSetMAC(containerVeth, &net->mac) < 0)
goto cleanup;
- if (vport && vport->virtPortType == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH) {
- if (virNetDevOpenvswitchAddPort(brname, parentVeth, &net->mac,
- vm->uuid, vport, virDomainNetGetActualVlan(net)) < 0)
- goto cleanup;
- } else {
- if (virNetDevBridgeAddPort(brname, parentVeth) < 0)
- goto cleanup;
+ if (brname) {
+ if (vport && vport->virtPortType == VIR_NETDEV_VPORT_PROFILE_OPENVSWITCH) {
+ if (virNetDevOpenvswitchAddPort(brname, parentVeth, &net->mac, vm->uuid,
+ vport, virDomainNetGetActualVlan(net)) < 0)
+ goto cleanup;
+ } else {
+ if (virNetDevBridgeAddPort(brname, parentVeth) < 0)
+ goto cleanup;
+ }
}
if (virNetDevSetOnline(parentVeth, true) < 0)
* to the one defined in the network definition.
*/
net = def->nets[i];
+
+ if (virLXCProcessValidateInterface(net) < 0)
+ return -1;
+
if (networkAllocateActualDevice(def, net) < 0)
goto cleanup;
_("No bridge name specified"));
goto cleanup;
}
- if (!(veth = virLXCProcessSetupInterfaceBridged(def,
- net,
- brname)))
+ if (!(veth = virLXCProcessSetupInterfaceTap(def, net, brname)))
goto cleanup;
} break;
-
+ case VIR_DOMAIN_NET_TYPE_ETHERNET:
+ if (!(veth = virLXCProcessSetupInterfaceTap(def, net, NULL)))
+ goto cleanup;
+ break;
case VIR_DOMAIN_NET_TYPE_DIRECT:
- if (!(veth = virLXCProcessSetupInterfaceDirect(conn,
- def,
- net)))
+ if (!(veth = virLXCProcessSetupInterfaceDirect(conn, def, net)))
goto cleanup;
break;
- case VIR_DOMAIN_NET_TYPE_ETHERNET:
case VIR_DOMAIN_NET_TYPE_USER:
case VIR_DOMAIN_NET_TYPE_VHOSTUSER:
case VIR_DOMAIN_NET_TYPE_SERVER:
/*
- * Copyright (C) 2010-2012 Red Hat, Inc.
+ * Copyright (C) 2010-2012, 2016 Red Hat, Inc.
* Copyright IBM Corp. 2008
*
* lxc_process.h: LXC process lifecycle management
int virLXCProcessReconnectAll(virLXCDriverPtr driver,
virDomainObjListPtr doms);
-char *virLXCProcessSetupInterfaceBridged(virDomainDefPtr vm,
- virDomainNetDefPtr net,
- const char *brname);
+int virLXCProcessValidateInterface(virDomainNetDefPtr net);
+char *virLXCProcessSetupInterfaceTap(virDomainDefPtr vm,
+ virDomainNetDefPtr net,
+ const char *brname);
char *virLXCProcessSetupInterfaceDirect(virConnectPtr conn,
virDomainDefPtr def,
virDomainNetDefPtr net);
--- /dev/null
+# Template used to create this container: opensuse
+# Template script checksum (SHA-1): 27307e0a95bd81b2c0bd82d6f87fdbe83be075ef
+
+lxc.network.type = veth
+lxc.network.flags = up
+lxc.network.hwaddr = 02:00:15:8f:05:c1
+lxc.network.name = eth0
+lxc.network.ipv4 = 192.168.122.2/24
+lxc.network.ipv4.gateway = 192.168.122.1
+lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3596/64
+lxc.network.ipv6.gateway = 2003:db8:1:0:214:1234:fe0b:3595
+
+#remove next line if host DNS configuration should not be available to container
+lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
+lxc.mount.entry = sysfs sys sysfs defaults 0 0
+lxc.mount.entry = tmpfs run tmpfs size=8m,mode=0755,nodev,nosuid 0 0
+lxc.mount.entry = /etc/resolv.conf etc/resolv.conf none bind,ro 0 0
+lxc.rootfs = /var/lib/lxc/migrate_test/rootfs
+lxc.utsname = migrate_test
+lxc.arch = x86
+lxc.autodev=1
+lxc.tty = 2
+lxc.pts = 1024
+lxc.cap.drop = sys_module mac_admin mac_override mknod
+
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
+
+lxc.cgroup.devices.deny = a
+# /dev/null and zero
+lxc.cgroup.devices.allow = c 1:3 rwm
+lxc.cgroup.devices.allow = c 1:5 rwm
+# consoles
+lxc.cgroup.devices.allow = c 5:1 rwm
+lxc.cgroup.devices.allow = c 5:0 rwm
+lxc.cgroup.devices.allow = c 4:0 rwm
+lxc.cgroup.devices.allow = c 4:1 rwm
+# /dev/{,u}random
+lxc.cgroup.devices.allow = c 1:9 rwm
+lxc.cgroup.devices.allow = c 1:8 rwm
+lxc.cgroup.devices.allow = c 136:* rwm
+lxc.cgroup.devices.allow = c 5:2 rwm
+# rtc
+lxc.cgroup.devices.allow = c 254:0 rwm
--- /dev/null
+<domain type='lxc'>
+ <name>migrate_test</name>
+ <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+ <memory unit='KiB'>65536</memory>
+ <currentMemory unit='KiB'>65536</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <os>
+ <type arch='i686'>exe</type>
+ <init>/sbin/init</init>
+ </os>
+ <features>
+ <capabilities policy='allow'>
+ <mac_admin state='off'/>
+ <mac_override state='off'/>
+ <mknod state='off'/>
+ <sys_module state='off'/>
+ </capabilities>
+ </features>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>destroy</on_crash>
+ <devices>
+ <emulator>/usr/libexec/libvirt_lxc</emulator>
+ <filesystem type='mount' accessmode='passthrough'>
+ <source dir='/var/lib/lxc/migrate_test/rootfs'/>
+ <target dir='/'/>
+ </filesystem>
+ <filesystem type='ram' accessmode='passthrough'>
+ <source usage='8192' units='KiB'/>
+ <target dir='/run'/>
+ </filesystem>
+ <filesystem type='mount' accessmode='passthrough'>
+ <source dir='/etc/resolv.conf'/>
+ <target dir='/etc/resolv.conf'/>
+ <readonly/>
+ </filesystem>
+ <interface type='ethernet'>
+ <mac address='02:00:15:8f:05:c1'/>
+ <ip address='192.168.122.2' family='ipv4' prefix='24'/>
+ <ip address='2003:db8:1:0:214:1234:fe0b:3596' family='ipv6' prefix='64'/>
+ <route family='ipv4' address='0.0.0.0' gateway='192.168.122.1'/>
+ <route family='ipv6' address='::' gateway='2003:db8:1:0:214:1234:fe0b:3595'/>
+ <guest dev='eth0'/>
+ <link state='up'/>
+ </interface>
+ <console type='pty'>
+ <target type='lxc' port='0'/>
+ </console>
+ <console type='pty'>
+ <target type='lxc' port='1'/>
+ </console>
+ </devices>
+</domain>
DO_TEST("cputune", false);
DO_TEST("cpusettune", false);
DO_TEST("blkiotune", false);
+ DO_TEST("ethernet", false);
virObjectUnref(xmlopt);
virObjectUnref(caps);
--- /dev/null
+<domain type='lxc'>
+ <name>8675309</name>
+ <uuid>e21987a5-e98e-9c99-0e35-803e4d9ad1fe</uuid>
+ <memory unit='KiB'>1048576</memory>
+ <currentMemory unit='KiB'>1048576</currentMemory>
+ <vcpu placement='static'>1</vcpu>
+ <resource>
+ <partition>/machine</partition>
+ </resource>
+ <os>
+ <type arch='x86_64'>exe</type>
+ <init>/sbin/init</init>
+ </os>
+ <idmap>
+ <uid start='0' target='100000' count='100000'/>
+ <gid start='0' target='100000' count='100000'/>
+ </idmap>
+ <clock offset='utc'/>
+ <on_poweroff>destroy</on_poweroff>
+ <on_reboot>restart</on_reboot>
+ <on_crash>restart</on_crash>
+ <devices>
+ <emulator>/usr/libexec/libvirt_lxc</emulator>
+ <filesystem type='mount' accessmode='passthrough'>
+ <source dir='/mach/8675309'/>
+ <target dir='/'/>
+ </filesystem>
+ <interface type='ethernet'>
+ <mac address='00:16:3e:0f:ef:8a'/>
+ <ip address='192.168.122.12' family='ipv4' prefix='24'/>
+ <ip address='192.168.122.13' family='ipv4' prefix='24'/>
+ <route family='ipv4' address='0.0.0.0' gateway='192.168.122.1'/>
+ <route family='ipv4' address='192.168.124.0' prefix='24' gateway='192.168.124.1'/>
+ <target dev='veth0'/>
+ <guest dev='eth2'/>
+ </interface>
+ <console type='pty'>
+ <target type='lxc' port='0'/>
+ </console>
+ </devices>
+ <seclabel type='none'/>
+</domain>
DO_TEST("idmap");
DO_TEST("capabilities");
DO_TEST("sharenet");
+ DO_TEST("ethernet");
DO_TEST_FULL("filesystem-root", 0, false,
VIR_DOMAIN_DEF_PARSE_SKIP_OSTYPE_CHECKS);
projects / libvirt.git / commitdiff