[Devel] [PATCH rh7 v2] ve/devpts: Support per-VE mount namespace

Cyrill Gorcunov gorcunov at virtuozzo.com
Wed Jul 22 06:11:27 PDT 2015 

On Wed, Jul 22, 2015 at 03:48:33PM +0300, Vladimir Davydov wrote:
> On Wed, Jul 22, 2015 at 03:32:25PM +0300, Cyrill Gorcunov wrote:
> > On Wed, Jul 22, 2015 at 03:16:38PM +0300, Vladimir Davydov wrote:
> > > > 
> > > > 1) Simply mount devpts without newinstance option. That's how old containers
> > > >    or ubuntu-14 container works: they simply mount devpts and don't consider
> > > >    situation when they are working under lightweight virtualization environment.
> > > >    For this we always provide per-container devpts instance making changes inside
> > > >    kernel itself, so that containers don't see the node's devpts neither they
> > > >    can reach other containers' devpts. Because of being a separate superblock
> > > >    the CRIU notes that and adds @newinstance option into mount options which
> > > 
> > > Does the first devpts mount performed by CRIU proceeds from VE context?
> > 
> > Yes.
> 
> That's a relief. I asked, because a few paragraphs above you claimed it
> is not always true (or I thought you did):

The thing is that we've changed the scheme a few times (starting
from ve0, from veX, from ve0 again) so that everytime I'm asked
i've to check which the scheme is currently used.

> You just add this:
> 
>        if (opts.newinstance)
>                s = sget(fs_type, NULL, set_anon_super, flags, NULL);
>        else
>                root = mount_ns(fs_type, flags, data, get_exec_env(), devpts_fill_super);
>                s = sget(fs_type, compare_init_pts_sb, set_anon_super, flags,
>                         NULL);
> 
> Then if there is no ve->devpts_sb, you will get a new super block, no
> matter if newinstance is passed or not. Then you set devpts_sb. Any
> following mount will return:
> 
>  - w/o instance - devpts_sb
>  - with newinstance - a new super block
> 
> And you don't need any hacks. Why will this not work?

Wait, in the code above if @opts.newinstance = 1 we allocate
new superblock, and that's the problem: on restore we
pass @opts.newinstance = 1 for container devtps mount
and instaed of using ve->devpts_sb we'll get new
superblock here. How the code above would prevent this?
What I'm missing here?

More information about the Devel mailing list