[Devel] [PATCH 0/3] Container fixups

Glauber Costa glommer at openvz.org
Mon May 20 05:49:38 PDT 2013


Kir,

This is a slightly modified shot at the container fixups.  First patch makes us
more resilient, since by being isolated by the mount namespaces, we no longer
have problems with leaking mounts. I identified one of those problems today,
and patch #1 in this series fixes it.

Patch #2 is the rebase of the fixups scripts patches taking this into account.

With patch #3, we provide a host-side fixup (so no guest scripts) for all
PAM-based distros, overriding PAM loginuid session decisions.  That module is
only used for the audit subsystem, which is not present in containers (and it
is not clear if it will ever be).

With these patches, I can successfully run vzctl enter and ssh into containers
running totally unmodified kernels for: centos, ubuntu and suse.

Please comment

Glauber Costa (3):
  hooks_ct: create devices inside container
  allow for distro-specific fix ups at creation time.
  hooks_ct: trick PAM to not bail out in loginuid failures

 etc/dists/redhat.conf       |  1 +
 etc/dists/scripts/fixups.sh | 43 ++++++++++++++++++++++
 include/dist.h              |  2 ++
 include/env.h               |  3 +-
 src/lib/dist.c              | 10 +++++-
 src/lib/env.c               | 10 +++---
 src/lib/exec.c              |  2 +-
 src/lib/hooks_ct.c          | 87 ++++++++++++++++++++++++++++++++++++++++++---
 8 files changed, 147 insertions(+), 11 deletions(-)
 create mode 100755 etc/dists/scripts/fixups.sh

-- 
1.7.11.7



