cope with kernels where CLONE_NEWUSER is not supported

* src/lxc_container.c src/lxc_container.h: cope with kernels
  where CLONE_NEWUSER is not supported, patch by Serge Hallyn
daniel

diff --git a/ChangeLog b/ChangeLog
index 2b2ca1d7ab94aea4f2f01f5ab66e89be32cfa738..a388b979cbdda68a8638c57527e1d5dba58cccc2 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Mon Apr 20 14:25:41 CEST 2009 Daniel Veillard <veillard@redhat.com>
+
+       * src/lxc_container.c src/lxc_container.h: cope with kernels
+         where CLONE_NEWUSER is not supported, patch by Serge Hallyn
+
 Mon Apr 20 12:54:02 GMT 2009 Mark McLoughlin <markmc@redhat.com>
 
        * docs/virsh.pod, virsh.1: fix typo reported by Robert P. J. Day

diff --git a/src/lxc_container.c b/src/lxc_container.c
index 67c66bd9b37b8bbd646672f48266aeb8666e8ff3..26cd61939866600d58799864514da06d28b53a77 100644 (file)
--- a/src/lxc_container.c
+++ b/src/lxc_container.c
@@ -277,7 +277,7 @@ static int lxcContainerChildMountSort(const void *a, const void *b)
 #endif
 
 #ifndef MS_SLAVE
-#define MS_SLAVE               (1<<19)
+#define MS_SLAVE                (1<<19)
 #endif
 
 static int lxcContainerPivotRoot(virDomainFSDefPtr root)
@@ -666,6 +666,11 @@ static int lxcContainerChild( void *data )
     return lxcContainerExecInit(vmDef);
 }
 
+static int userns_supported(void)
+{
+    return lxcContainerAvailable(LXC_CONTAINER_FEATURE_USER) == 0;
+}
+
 /**
  * lxcContainerStart:
  * @driver: pointer to driver structure
@@ -694,7 +699,10 @@ int lxcContainerStart(virDomainDefPtr def,
     }
     stacktop = stack + stacksize;
 
-    flags = CLONE_NEWPID|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWUSER|CLONE_NEWIPC|SIGCHLD;
+    flags = CLONE_NEWPID|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|SIGCHLD;
+
+    if (userns_supported())
+        flags |= CLONE_NEWUSER;
 
     if (def->nets != NULL)
         flags |= CLONE_NEWNET;
@@ -719,13 +727,16 @@ static int lxcContainerDummyChild(void *argv ATTRIBUTE_UNUSED)
 
 int lxcContainerAvailable(int features)
 {
-    int flags = CLONE_NEWPID|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWUSER|
+    int flags = CLONE_NEWPID|CLONE_NEWNS|CLONE_NEWUTS|
         CLONE_NEWIPC|SIGCHLD;
     int cpid;
     char *childStack;
     char *stack;
     int childStatus;
 
+    if (features & LXC_CONTAINER_FEATURE_USER)
+        flags |= CLONE_NEWUSER;
+
     if (features & LXC_CONTAINER_FEATURE_NET)
         flags |= CLONE_NEWNET;
 

diff --git a/src/lxc_container.h b/src/lxc_container.h
index 5d037b06023dec9e9d29b260f24268ed2a5c81df..b99e83e53675be3c7aed90f7f65bc6523ec88629 100644 (file)
--- a/src/lxc_container.h
+++ b/src/lxc_container.h
@@ -28,6 +28,7 @@
 
 enum {
     LXC_CONTAINER_FEATURE_NET = (1 << 0),
+    LXC_CONTAINER_FEATURE_USER = (1 << 1),
 };
 
 #define LXC_DEV_MAJ_MEMORY  1