virprocess: Introduce virProcessSetupPrivateMountNS

This part of code that LXC currently uses will be reused so move
to a generic function.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>

diff --git a/configure.ac b/configure.ac
index d8802808b8e5f579f233ebdb78b4b8988c844b0b..b425a379e6abf6299c55b5bf1d92727c7d67d515 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -272,7 +272,7 @@ dnl and various less common threadsafe functions
 AC_CHECK_FUNCS_ONCE([cfmakeraw fallocate geteuid getgid getgrnam_r \
   getmntent_r getpwuid_r getrlimit getuid kill mmap newlocale posix_fallocate \
   posix_memalign prlimit regexec sched_getaffinity setgroups setns \
-  setrlimit symlink sysctlbyname getifaddrs sched_setscheduler])
+  setrlimit symlink sysctlbyname getifaddrs sched_setscheduler unshare])
 
 dnl Availability of pthread functions. Because of $LIB_PTHREAD, we
 dnl cannot use AC_CHECK_FUNCS_ONCE. LIB_PTHREAD and LIBMULTITHREAD

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 290c4799625d376111aa659c88354068dbbe2158..d730a17c91899187817333a800155302c7060e77 100644 (file)
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2263,6 +2263,7 @@ virProcessSetMaxMemLock;
 virProcessSetMaxProcesses;
 virProcessSetNamespaces;
 virProcessSetScheduler;
+virProcessSetupPrivateMountNS;
 virProcessTranslateStatus;
 virProcessWait;
 

diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index 508bc3e6c4488279e04af574ba6084188e91d802..29f1179c033e94b71f62d5e96a6705e66b46e387 100644 (file)
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -2092,8 +2092,6 @@ lxcCreateTty(virLXCControllerPtr ctrl, int *ttymaster,
 static int
 virLXCControllerSetupPrivateNS(void)
 {
-    int ret = -1;
-
     /*
      * If doing a chroot style setup, we need to prepare
      * a private /dev/pts for the child now, which they
@@ -2115,21 +2113,7 @@ virLXCControllerSetupPrivateNS(void)
      * marked as shared
      */
 
-    if (unshare(CLONE_NEWNS) < 0) {
-        virReportSystemError(errno, "%s",
-                             _("Cannot unshare mount namespace"));
-        goto cleanup;
-    }
-
-    if (mount("", "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) {
-        virReportSystemError(errno, "%s",
-                             _("Failed to switch root mount into slave mode"));
-        goto cleanup;
-    }
-
-    ret = 0;
- cleanup:
-    return ret;
+    return virProcessSetupPrivateMountNS();
 }
 
 

diff --git a/src/util/virprocess.c b/src/util/virprocess.c
index 7db97bc5335616bab763fe86bf1e9054f4677181..1ebe863fb56c87e059f8a0da4e61bfd840486f3f 100644 (file)
--- a/src/util/virprocess.c
+++ b/src/util/virprocess.c
@@ -28,6 +28,9 @@
 #include <stdlib.h>
 #include <sys/wait.h>
 #include <unistd.h>
+#if HAVE_SYS_MOUNT_H
+# include <sys/mount.h>
+#endif
 #if HAVE_SETRLIMIT
 # include <sys/time.h>
 # include <sys/resource.h>
@@ -1146,6 +1149,41 @@ virProcessRunInMountNamespace(pid_t pid,
 }
 
 
+#if defined(HAVE_SYS_MOUNT_H) && defined(HAVE_UNSHARE)
+int
+virProcessSetupPrivateMountNS(void)
+{
+    int ret = -1;
+
+    if (unshare(CLONE_NEWNS) < 0) {
+        virReportSystemError(errno, "%s",
+                             _("Cannot unshare mount namespace"));
+        goto cleanup;
+    }
+
+    if (mount("", "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) {
+        virReportSystemError(errno, "%s",
+                             _("Failed to switch root mount into slave mode"));
+        goto cleanup;
+    }
+
+    ret = 0;
+ cleanup:
+    return ret;
+}
+
+#else /* !defined(HAVE_SYS_MOUNT_H) || !defined(HAVE_UNSHARE) */
+
+int
+virProcessSetupPrivateMountNS(void)
+{
+    virReportSystemError(ENOSYS, "%s",
+                         _("Namespaces are not supported on this platform."));
+    return -1;
+}
+#endif /* !defined(HAVE_SYS_MOUNT_H) || !defined(HAVE_UNSHARE) */
+
+
 /**
  * virProcessExitWithStatus:
  * @status: raw status to be reproduced when this process dies

diff --git a/src/util/virprocess.h b/src/util/virprocess.h
index 04e9802aa688eea4bfa4927754df5bce6a1a223a..c76a1fbc530e3691de537391335f75324e10c96a 100644 (file)
--- a/src/util/virprocess.h
+++ b/src/util/virprocess.h
@@ -90,6 +90,8 @@ int virProcessRunInMountNamespace(pid_t pid,
                                   virProcessNamespaceCallback cb,
                                   void *opaque);
 
+int virProcessSetupPrivateMountNS(void);
+
 int virProcessSetScheduler(pid_t pid,
                            virProcessSchedPolicy policy,
                            int priority);