NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-20 11:48:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

lxc: Prevent shutting down the host

Browse Source 
When the container has the same '/dev' mount as host (no chroot),
calling domainShutdown(WithFlags) shouldn't shutdown the host it is
running on.
This commit is contained in:
Martin Kletzander 2013-03-21 15:59:50 +01:00
parent 8dbe85886c
commit c9c87376f2
1 changed files with 28 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
src/lxc/lxc_driver.c
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (C) 2010-2012 Red Hat, Inc. * Copyright (C) 2010-2013 Red Hat, Inc.
* Copyright IBM Corp. 2008 * Copyright IBM Corp. 2008
* *
* lxc_driver.c: linux container driver functions * lxc_driver.c: linux container driver functions
@ -2778,13 +2778,19 @@ lxcDomainShutdownFlags(virDomainPtr dom,
virLXCDriverPtr driver = dom->conn->privateData; virLXCDriverPtr driver = dom->conn->privateData;
virLXCDomainObjPrivatePtr priv; virLXCDomainObjPrivatePtr priv;
virDomainObjPtr vm; virDomainObjPtr vm;
virDomainFSDefPtr root;
char *vroot = NULL; char *vroot = NULL;
int ret = -1; int ret = -1;
int rc; int rc = 0;
bool methodSignal;
bool methodInitctl;
virCheckFlags(VIR_DOMAIN_SHUTDOWN_INITCTL | virCheckFlags(VIR_DOMAIN_SHUTDOWN_INITCTL |
VIR_DOMAIN_SHUTDOWN_SIGNAL, -1); VIR_DOMAIN_SHUTDOWN_SIGNAL, -1);
methodSignal = !!(flags & VIR_DOMAIN_SHUTDOWN_SIGNAL);
methodInitctl = !!(flags & VIR_DOMAIN_SHUTDOWN_INITCTL);
lxcDriverLock(driver); lxcDriverLock(driver);
vm = virDomainObjListFindByUUID(driver->domains, dom->uuid); vm = virDomainObjListFindByUUID(driver->domains, dom->uuid);
lxcDriverUnlock(driver); lxcDriverUnlock(driver);
@ -2798,6 +2804,7 @@ lxcDomainShutdownFlags(virDomainPtr dom,
} }
priv = vm->privateData; priv = vm->privateData;
root = virDomainGetRootFilesystem(vm->def);
if (!virDomainObjIsActive(vm)) { if (!virDomainObjIsActive(vm)) {
virReportError(VIR_ERR_OPERATION_INVALID, virReportError(VIR_ERR_OPERATION_INVALID,
@ -2817,27 +2824,31 @@ lxcDomainShutdownFlags(virDomainPtr dom,
goto cleanup; goto cleanup;
} }
if (flags == 0 || if (root && root->src) {
(flags & VIR_DOMAIN_SHUTDOWN_INITCTL)) { if (flags == 0)
if ((rc = virInitctlSetRunLevel(VIR_INITCTL_RUNLEVEL_POWEROFF, methodSignal = methodInitctl = true;
vroot)) < 0) { } else if (methodInitctl) {
virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
_("Cannot shutdown container using initctl "
"without separated namespace"));
goto cleanup; goto cleanup;
} else {
methodSignal = true;
} }
if (rc == 0 && flags != 0 &&
((flags & ~VIR_DOMAIN_SHUTDOWN_INITCTL) == 0)) { if (methodInitctl) {
rc = virInitctlSetRunLevel(VIR_INITCTL_RUNLEVEL_POWEROFF, vroot);
if (rc < 0)
goto cleanup;
if (rc == 0 && !methodSignal) {
virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
_("Container does not provide an initctl pipe")); _("Container does not provide an initctl pipe"));
goto cleanup; goto cleanup;
} }
} else {
rc = 0;
} }
if (rc == 0 && methodSignal) {
if (rc == 0 && ret = kill(priv->initpid, SIGTERM);
(flags == 0 || if (ret < 0 && errno != ESRCH) {
(flags & VIR_DOMAIN_SHUTDOWN_SIGNAL))) {
if (kill(priv->initpid, SIGTERM) < 0 &&
errno != ESRCH) {
virReportSystemError(errno, virReportSystemError(errno,
_("Unable to send SIGTERM to init pid %llu"), _("Unable to send SIGTERM to init pid %llu"),
(unsigned long long)priv->initpid); (unsigned long long)priv->initpid);