[libvirt] [PATCH v4] lxc: Inherit namespace feature
This patch adds a feature that lets lxc containers inherit namespaces. This is very similar to what lxc-tools or docker provide. See man lxc-start: you can pass command args as [ --share-[net|ipc|uts] name|pid ]. Or see the docker networking option, where --net=container:NAME_or_ID can be given as an option for sharing a namespace. With this patch you can add an extra libvirt option to share namespaces in the following way. <lxc:namespace> <lxc:sharenet type='netns' value='red'/> <lxc:shareipc type='pid' value='12345'/> <lxc:shareuts type='name' value='container1'/> </lxc:namespace> The netns option is specific to sharenet. It can be used to inherit from an existing network namespace. --- docs/drvlxc.html.in | 21 + docs/schemas/domaincommon.rng | 42 + po/POTFILES.in| 1 + src/Makefile.am | 7 +- src/lxc/lxc_conf.c| 2 +- src/lxc/lxc_container.c | 71 +-- src/lxc/lxc_container.h | 2 + src/lxc/lxc_controller.c | 57 +++- src/lxc/lxc_domain.c | 149 src/lxc/lxc_domain.h | 26 ++ src/lxc/lxc_process.c | 157 ++ tests/lxcxml2xmldata/lxc-sharenet.xml | 33 +++ tests/lxcxml2xmltest.c| 1 + 13 files changed, 560 insertions(+), 9 deletions(-) create mode 100644 tests/lxcxml2xmldata/lxc-sharenet.xml diff --git a/docs/drvlxc.html.in b/docs/drvlxc.html.in index a094bd9..d6c57c4 100644 --- a/docs/drvlxc.html.in +++ b/docs/drvlxc.html.in 
@@ -590,6 +590,27 @@ Note that allowing capabilities that are normally dropped by default can serious affect the security of the container and the host. /p +h2a name=shareInherit namespaces/a/h2 + +p +Libvirt allows you to inherit the namespace from container/process just like lxc tools +or docker provides to share the network namespace. The following can be used to share +required namespaces. If we want to share only one then the other namespaces can be ignored. +The netns option is specific to sharenet. It can be used in cases we want to use existing network namespace +rather than creating new network namespace for the container. In this case privnet option will be +ignored. +/p +pre +lt;domain type='lxc' xmlns:lxc='http://libvirt.org/schemas/domain/lxc/1.0'gt; +... +lt;lxc:namespacegt; + lt;lxc:sharenet type='netns' value='red'/gt; + lt;lxc:shareuts type='name' value='container1'/gt; + lt;lxc:shareipc type='pid' value='12345'/gt; +lt;/lxc:namespacegt; +lt;/domaingt; +/pre + h2a name=usageContainer usage / management/a/h2 p diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 043c975..fa026cd 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -68,6 +68,9 @@ ref name='qemucmdline'/ /optional optional + ref name='lxcsharens'/ +/optional +optional ref name='keywrap'/ /optional /interleave 
@@ -5057,6 +5060,45 @@ /element /define + !-- + Optional hypervisor extensions in their own namespace: + LXC +-- + define name=lxcsharens +element name=namespace ns=http://libvirt.org/schemas/domain/lxc/1.0; + zeroOrMore +element name=sharenet + attribute name=type +choice + valuenetns/value + valuename/value + valuepid/value +/choice + /attribute + attribute name='value'/ +/element +element name=shareipc + attribute name=type +choice + valuename/value + valuepid/value +/choice + /attribute + attribute name='value'/ +/element +element name=shareuts + attribute name=type +choice + valuename/value + valuepid/value +/choice + /attribute + attribute name='value'/ +/element + /zeroOrMore +/element + /define + define name=metadata element name=metadata zeroOrMore diff --git a/po/POTFILES.in b/po/POTFILES.in index 1e52e6a..46220f7 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -85,6 +85,7 @@ src/lxc/lxc_native.c src/lxc/lxc_container.c src/lxc/lxc_conf.c src/lxc/lxc_controller.c +src/lxc/lxc_domain.c src/lxc/lxc_driver.c src/lxc/lxc_process.c src/libxl/libxl_domain.c diff --git a/src/Makefile.am b/src/Makefile.am index c4d49a5..24d31e1 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1320,7 +1320,12 @@ libvirt_driver_lxc_impl_la_CFLAGS = \ -I$(srcdir)/access \ -I$(srcdir)/conf \ $(AM_CFLAGS) -libvirt_driver_lxc_impl_la_LIBADD = $(CAPNG_LIBS) $(LIBNL_LIBS) $(FUSE_LIBS) +libvirt_driver_lxc_impl_la_LIBADD =
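Review bot: In the `lxcsharens` define of docs/schemas/domaincommon.rng, the three `element` patterns sit directly inside `zeroOrMore`, which RELAX NG treats as a sequence: a document has to give sharenet, shareipc and shareuts together, in that order, and may repeat the triple. That contradicts the docs hunk of the same patch ("If we want to share only one then the other namespaces can be ignored"), and its example lists shareuts before shareipc, so it would not validate either. An `<interleave>` of three `<optional>` elements would match the documented behaviour and also stop repeated elements. `attribute name='value'` accepts arbitrary text although it names a pid, a container or a netns whose namespace the container will join; constraining it (an unsigned integer for `pid`, the schema's existing name pattern for the others) would reject malformed values at validation time. The same hunk appears unchanged in the two earlier revisions of the patch lower on this page.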
[libvirt] [PATCH] Inherit namespace feature 2
This patch adds a feature that lets lxc containers inherit namespaces. This is very similar to what lxc-tools or docker provide. See man lxc-start: you can pass command args as [ --share-[net|ipc|uts] name|pid ]. Or see the docker networking option, where --net=container:NAME_or_ID can be given as an option for sharing a namespace. With this patch you can add an extra libvirt option to share namespaces in the following way. <lxc:namespace> <lxc:sharenet type='netns' value='red'/> <lxc:shareipc type='pid' value='12345'/> <lxc:shareuts type='name' value='container1'/> </lxc:namespace> The netns option is specific to sharenet. It can be used to inherit from an existing network namespace. --- docs/drvlxc.html.in | 21 + docs/schemas/domaincommon.rng | 42 + src/Makefile.am | 2 +- src/lxc/lxc_conf.c| 2 +- src/lxc/lxc_conf.h| 15 src/lxc/lxc_container.c | 145 -- src/lxc/lxc_container.h | 1 + src/lxc/lxc_controller.c | 42 - src/lxc/lxc_domain.c | 164 +- src/lxc/lxc_domain.h | 1 + src/lxc/lxc_process.c | 111 +++ tests/lxcxml2xmldata/lxc-sharenet.xml | 33 +++ tests/lxcxml2xmltest.c| 1 + 13 files changed, 570 insertions(+), 10 deletions(-) create mode 100644 tests/lxcxml2xmldata/lxc-sharenet.xml diff --git a/docs/drvlxc.html.in b/docs/drvlxc.html.in index a094bd9..d6c57c4 100644 --- a/docs/drvlxc.html.in +++ b/docs/drvlxc.html.in 
@@ -590,6 +590,27 @@ Note that allowing capabilities that are normally dropped by default can serious affect the security of the container and the host. /p +h2a name=shareInherit namespaces/a/h2 + +p +Libvirt allows you to inherit the namespace from container/process just like lxc tools +or docker provides to share the network namespace. The following can be used to share +required namespaces. If we want to share only one then the other namespaces can be ignored. +The netns option is specific to sharenet. It can be used in cases we want to use existing network namespace +rather than creating new network namespace for the container. In this case privnet option will be +ignored. +/p +pre +lt;domain type='lxc' xmlns:lxc='http://libvirt.org/schemas/domain/lxc/1.0'gt; +... +lt;lxc:namespacegt; + lt;lxc:sharenet type='netns' value='red'/gt; + lt;lxc:shareuts type='name' value='container1'/gt; + lt;lxc:shareipc type='pid' value='12345'/gt; +lt;/lxc:namespacegt; +lt;/domaingt; +/pre + h2a name=usageContainer usage / management/a/h2 p diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 1120003..803b327 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -68,6 +68,9 @@ ref name='qemucmdline'/ /optional optional + ref name='lxcsharens'/ +/optional +optional ref name='keywrap'/ /optional /interleave 
@@ -5012,6 +5015,45 @@ /element /define + !-- + Optional hypervisor extensions in their own namespace: + LXC +-- + define name=lxcsharens +element name=namespace ns=http://libvirt.org/schemas/domain/lxc/1.0; + zeroOrMore +element name=sharenet + attribute name=type +choice + valuenetns/value + valuename/value + valuepid/value +/choice + /attribute + attribute name='value'/ +/element +element name=shareipc + attribute name=type +choice + valuename/value + valuepid/value +/choice + /attribute + attribute name='value'/ +/element +element name=shareuts + attribute name=type +choice + valuename/value + valuepid/value +/choice + /attribute + attribute name='value'/ +/element + /zeroOrMore +/element + /define + define name=metadata element name=metadata zeroOrMore diff --git a/src/Makefile.am b/src/Makefile.am index c4d49a5..b2ceda3 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1320,7 +1320,7 @@ libvirt_driver_lxc_impl_la_CFLAGS = \ -I$(srcdir)/access \ -I$(srcdir)/conf \ $(AM_CFLAGS) -libvirt_driver_lxc_impl_la_LIBADD = $(CAPNG_LIBS) $(LIBNL_LIBS) $(FUSE_LIBS) +libvirt_driver_lxc_impl_la_LIBADD = $(CAPNG_LIBS) $(LIBNL_LIBS) $(LIBXML_LIBS) libvirt-lxc.la $(FUSE_LIBS) if WITH_BLKID libvirt_driver_lxc_impl_la_CFLAGS += $(BLKID_CFLAGS) libvirt_driver_lxc_impl_la_LIBADD += $(BLKID_LIBS) diff --git a/src/lxc/lxc_conf.c b/src/lxc/lxc_conf.c index b689b92..8ada531 100644 --- a/src/lxc/lxc_conf.c +++
[libvirt] [PATCH] Inherit namespace feature
This patch adds feature for lxc containers to inherit namespaces. This is very similar to what lxc-tools or docker provides. Look for man lxc-start and you will find that you can pass command args as [ --share-[net|ipc|uts] name|pid ]. Or check out docker networking option in which you can give --net=container:NAME_or_ID as an option for sharing namespace. From this patch you can add extra libvirt option to share namespace in following way. lxc:namespace lxc:sharenet type='netns' value='red'/ lxc:shareipc type='pid' value='12345'/ lxc:shareuts type='name' value='container1'/ /lxc:namespace --- docs/drvlxc.html.in | 18 +++ docs/schemas/domaincommon.rng | 42 ++ src/Makefile.am | 4 +- src/lxc/lxc_conf.c| 2 +- src/lxc/lxc_conf.h| 15 +++ src/lxc/lxc_container.c | 236 +- src/lxc/lxc_domain.c | 164 ++- src/lxc/lxc_domain.h | 1 + tests/lxcxml2xmldata/lxc-sharenet.xml | 33 + tests/lxcxml2xmltest.c| 1 + 10 files changed, 507 insertions(+), 9 deletions(-) create mode 100644 tests/lxcxml2xmldata/lxc-sharenet.xml diff --git a/docs/drvlxc.html.in b/docs/drvlxc.html.in index a094bd9..d14d4c7 100644 --- a/docs/drvlxc.html.in +++ b/docs/drvlxc.html.in @@ -590,6 +590,24 @@ Note that allowing capabilities that are normally dropped by default can serious affect the security of the container and the host. /p +h2a name=shareInherit namespaces/a/h2 + +p +Libvirt allows you to inherit the namespace from container/process just like lxc tools +or docker provides to share the network namespace. The following can be used to share +required namespaces. If we want to share only one then the other namespaces can be ignored. +/p +pre +lt;domain type='lxc' xmlns:lxc='http://libvirt.org/schemas/domain/lxc/1.0'gt; +... +lt;lxc:namespacegt; + lt;lxc:sharenet type='netns' value='red'/gt; + lt;lxc:shareuts type='name' value='container1'/gt; + lt;lxc:shareipc type='pid' value='12345'/gt; +lt;/lxc:namespacegt; +lt;/domaingt; +/pre + h2a name=usageContainer usage / management/a/h2 p 
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng index 1120003..803b327 100644 --- a/docs/schemas/domaincommon.rng +++ b/docs/schemas/domaincommon.rng @@ -68,6 +68,9 @@ ref name='qemucmdline'/ /optional optional + ref name='lxcsharens'/ +/optional +optional ref name='keywrap'/ /optional /interleave @@ -5012,6 +5015,45 @@ /element /define + !-- + Optional hypervisor extensions in their own namespace: + LXC +-- + define name=lxcsharens +element name=namespace ns=http://libvirt.org/schemas/domain/lxc/1.0; + zeroOrMore +element name=sharenet + attribute name=type +choice + valuenetns/value + valuename/value + valuepid/value +/choice + /attribute + attribute name='value'/ +/element +element name=shareipc + attribute name=type +choice + valuename/value + valuepid/value +/choice + /attribute + attribute name='value'/ +/element +element name=shareuts + attribute name=type +choice + valuename/value + valuepid/value +/choice + /attribute + attribute name='value'/ +/element + /zeroOrMore +/element + /define + define name=metadata element name=metadata zeroOrMore diff --git a/src/Makefile.am b/src/Makefile.am index be63e26..ef96a5a 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1319,7 +1319,7 @@ libvirt_driver_lxc_impl_la_CFLAGS = \ -I$(srcdir)/access \ -I$(srcdir)/conf \ $(AM_CFLAGS) -libvirt_driver_lxc_impl_la_LIBADD = $(CAPNG_LIBS) $(LIBNL_LIBS) $(FUSE_LIBS) +libvirt_driver_lxc_impl_la_LIBADD = $(CAPNG_LIBS) $(LIBNL_LIBS) $(LIBXML_LIBS) libvirt-lxc.la $(FUSE_LIBS) if WITH_BLKID libvirt_driver_lxc_impl_la_CFLAGS += $(BLKID_CFLAGS) libvirt_driver_lxc_impl_la_LIBADD += $(BLKID_LIBS) @@ -2709,6 +2709,8 @@ libvirt_lxc_LDADD = \ libvirt-net-rpc.la \ libvirt_security_manager.la \ libvirt_conf.la \ + libvirt.la \ + libvirt-lxc.la \ libvirt_util.la \ ../gnulib/lib/libgnu.la if WITH_DTRACE_PROBES diff --git a/src/lxc/lxc_conf.c b/src/lxc/lxc_conf.c index c393cb5..96a0f47 100644 --- a/src/lxc/lxc_conf.c +++ b/src/lxc/lxc_conf.c 
@@ -213,7 +213,7 @@ lxcDomainXMLConfInit(void) { return virDomainXMLOptionNew(virLXCDriverDomainDefParserConfig,
[libvirt] [PATCH] lxc: Add option to inherit namespace from a name container or a pid or a netns
lxc / docker containers give the option to inherit namespaces. For example, lxc-start has the option [ --share-[net|ipc|uts] name|pid ], where --share-net name|pid means: inherit a network namespace from a named container or a pid. This patch tries to add a similar option to libvirt lxc. To inherit a namespace from the named container c2, add this to the xml: <lxc:namespace> <sharenet type='name' value='c2'/> </lxc:namespace> To inherit a namespace from a pid, add this to the xml: <lxc:namespace> <sharenet type='pid' value='10245'/> </lxc:namespace> And to inherit a namespace from a netns, add this to the xml: <lxc:namespace> <sharenet type='netns' value='red'/> </lxc:namespace> There are similar options for ipc/uts: <shareipc/>, <shareuts/>. The lxc xml namespace is added because this feature is very specific to lxc; therefore I wanted to keep it separated from the actual libvirt domain xml. So the final virsh xml file would look like <domain type='lxc' xmlns:lxc='http://libvirt.org/schemas/domain/lxc/1.0'> <name>cn-03</name> <memory>327680</memory> <os> <type>exe</type> <init>/sbin/init</init> </os> <lxc:namespace> <sharenet type='netns' value='red'/> </lxc:namespace> <vcpu>1</vcpu> <clock offset='utc'/> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> <on_crash>destroy</on_crash> <devices> <emulator>/usr/lib/libvirt/libvirt_lxc</emulator> <filesystem type='mount'> <source dir='/var/lib/lxc/u1/rootfs'/> <target dir='/'/> </filesystem> <console type='pty'/> </devices> </domain> -imran --- src/Makefile.am | 5 +- src/lxc/lxc_conf.c | 2 +- src/lxc/lxc_conf.h | 23 + src/lxc/lxc_container.c | 191 ++-- src/lxc/lxc_domain.c| 254 +++- src/lxc/lxc_domain.h| 1 + 6 files changed, 463 insertions(+), 13 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index 579421d..1a78fde 100644 --- a/src/Makefile.am +++ b/src/Makefile.am 
@@ -1293,7 +1293,8 @@ libvirt_driver_lxc_impl_la_CFLAGS = \ -I$(srcdir)/access \ -I$(srcdir)/conf \ $(AM_CFLAGS) -libvirt_driver_lxc_impl_la_LIBADD = $(CAPNG_LIBS) $(LIBNL_LIBS) $(FUSE_LIBS) +libvirt_driver_lxc_impl_la_LIBADD = $(CAPNG_LIBS) $(LIBNL_LIBS) $(LIBXML_LIBS) $(FUSE_LIBS) +libvirt_driver_lxc_impl_la_LDFLAGS = libvirt-lxc.la if WITH_BLKID libvirt_driver_lxc_impl_la_CFLAGS += $(BLKID_CFLAGS) libvirt_driver_lxc_impl_la_LIBADD += $(BLKID_LIBS) @@ -2652,6 +2653,8 @@ libvirt_lxc_LDADD = \ libvirt-net-rpc.la \ libvirt_security_manager.la \ libvirt_conf.la \ + libvirt.la \ + libvirt-lxc.la \ libvirt_util.la \ ../gnulib/lib/libgnu.la if WITH_DTRACE_PROBES diff --git a/src/lxc/lxc_conf.c b/src/lxc/lxc_conf.c index c393cb5..96a0f47 100644 --- a/src/lxc/lxc_conf.c +++ b/src/lxc/lxc_conf.c @@ -213,7 +213,7 @@ lxcDomainXMLConfInit(void) { return virDomainXMLOptionNew(virLXCDriverDomainDefParserConfig, virLXCDriverPrivateDataCallbacks, - NULL); + virLXCDriverDomainXMLNamespace); } diff --git a/src/lxc/lxc_conf.h b/src/lxc/lxc_conf.h index 8340b1f..59002e5 100644 --- a/src/lxc/lxc_conf.h +++ b/src/lxc/lxc_conf.h @@ -67,6 +67,29 @@ struct _virLXCDriverConfig { bool securityRequireConfined; }; + +typedef enum { +VIR_DOMAIN_NAMESPACE_SHARENET = 0, +VIR_DOMAIN_NAMESPACE_SHAREIPC, +VIR_DOMAIN_NAMESPACE_SHAREUTS, +VIR_DOMAIN_NAMESPACE_LAST, +} virDomainNamespace; + +struct ns_info { +const char *proc_name; +int clone_flag; +}; + +extern const struct ns_info ns_info[VIR_DOMAIN_NAMESPACE_LAST]; + +typedef struct _lxcDomainDef lxcDomainDef; +typedef lxcDomainDef *lxcDomainDefPtr; +struct _lxcDomainDef { +int ns_inherit_fd[VIR_DOMAIN_NAMESPACE_LAST]; +char *ns_type[VIR_DOMAIN_NAMESPACE_LAST]; +char *ns_val[VIR_DOMAIN_NAMESPACE_LAST]; +}; + struct _virLXCDriver { virMutex lock; diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 9a9ae5c..a9a7ba0 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c 
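Review bot: The new line `libvirt_driver_lxc_impl_la_LDFLAGS = libvirt-lxc.la` in the first src/Makefile.am hunk passes a libtool library as a linker flag; libraries belong in `_LIBADD`, which also gives automake the build dependency, e.g. `libvirt_driver_lxc_impl_la_LIBADD = $(CAPNG_LIBS) $(LIBNL_LIBS) $(LIBXML_LIBS) libvirt-lxc.la $(FUSE_LIBS)`. The second hunk adds `libvirt.la` and `libvirt-lxc.la` to `libvirt_lxc_LDADD`, so the container controller binary would link against the public client libraries. The code that needs them is not in this hunk; if they are there to resolve a container name to a pid or namespace fd, doing that lookup in the driver and handing the result to the controller would keep the client API out of that process. The same two hunks appear again in the repost of this patch lower on the page.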
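Review bot: `ns_inherit_fd` in the new `struct _lxcDomainDef` (src/lxc/lxc_conf.h hunk) stores file descriptors, but nothing here defines an "unset" value; if the struct is zero-allocated, every slot reads as fd 0, which is a valid descriptor and could be handed to setns() or closed by mistake. The allocation is outside this hunk, so confirm every slot is set to -1 before use, and document it on the field: `int ns_inherit_fd[VIR_DOMAIN_NAMESPACE_LAST]; /* -1 when the namespace is not inherited */`. `ns_type` is a free-form `char *` although the schema allows only netns/name/pid, so an enum would remove a later string comparison on untrusted XML. The exported names `struct ns_info` / `ns_info` and the `VIR_DOMAIN_NAMESPACE_*` enum carry no LXC prefix despite living in an LXC-private header; a `virLXC...` prefix would avoid clashes. The same hunk is repeated in the repost of this patch lower on the page.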
@@ -25,8 +25,8 @@ */ #include config.h - #include fcntl.h +#include sched.h #include limits.h #include stdlib.h #include stdio.h @@ -38,7 +38,6 @@ #include mntent.h #include sys/reboot.h #include linux/reboot.h - /* Yes, we want linux private one, for _syscall2() macro */ #include linux/unistd.h @@ -99,6 +98,50 @@ VIR_LOG_INIT(lxc.lxc_container); typedef char lxc_message_t; #define LXC_CONTINUE_MSG 'c' +#ifdef __linux__ +/* + * Workaround older glibc. While kernel may support the setns + * syscall, the glibc wrapper might not exist. If that's the + * case, use our own. + */ +# ifndef __NR_setns +#
[libvirt] [PATCH] lxc / docker containers gives option to inherit the namespaces. Example lxc-start has option [ --share-[net|ipc|uts] name|pid ] where --share-net name|pid means Inherit a network nam
This patch tries to add the similar option to libvirt lxc. So to inherit namespace from name container c2. add this into xml. lxc:namespace sharenet type='name' value='c2'/ /lxc:namespace And to inherit namespace from a pid. add this into xml. lxc:namespace sharenet type='pid' value='10245'/ /lxc:namespace And to inherit namespace from a netns. add this into xml. lxc:namespace sharenet type='netns' value='red'/ /lxc:namespace Similar options for ipc/uts. shareipc/ , shareuts / The reasong lxc xml namespace is added because this feature is very specific to lxc. Therfore wanted to keep it seperated from actual libvirt xml domain. -imran --- src/Makefile.am | 5 +- src/lxc/lxc_conf.c | 2 +- src/lxc/lxc_conf.h | 23 + src/lxc/lxc_container.c | 191 ++-- src/lxc/lxc_domain.c| 254 +++- src/lxc/lxc_domain.h| 1 + 6 files changed, 463 insertions(+), 13 deletions(-) diff --git a/src/Makefile.am b/src/Makefile.am index 579421d..1a78fde 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1293,7 +1293,8 @@ libvirt_driver_lxc_impl_la_CFLAGS = \ -I$(srcdir)/access \ -I$(srcdir)/conf \ $(AM_CFLAGS) -libvirt_driver_lxc_impl_la_LIBADD = $(CAPNG_LIBS) $(LIBNL_LIBS) $(FUSE_LIBS) +libvirt_driver_lxc_impl_la_LIBADD = $(CAPNG_LIBS) $(LIBNL_LIBS) $(LIBXML_LIBS) $(FUSE_LIBS) +libvirt_driver_lxc_impl_la_LDFLAGS = libvirt-lxc.la if WITH_BLKID libvirt_driver_lxc_impl_la_CFLAGS += $(BLKID_CFLAGS) libvirt_driver_lxc_impl_la_LIBADD += $(BLKID_LIBS) @@ -2652,6 +2653,8 @@ libvirt_lxc_LDADD = \ libvirt-net-rpc.la \ libvirt_security_manager.la \ libvirt_conf.la \ + libvirt.la \ + libvirt-lxc.la \ libvirt_util.la \ ../gnulib/lib/libgnu.la if WITH_DTRACE_PROBES diff --git a/src/lxc/lxc_conf.c b/src/lxc/lxc_conf.c index c393cb5..96a0f47 100644 --- a/src/lxc/lxc_conf.c +++ b/src/lxc/lxc_conf.c @@ -213,7 +213,7 @@ lxcDomainXMLConfInit(void) { return virDomainXMLOptionNew(virLXCDriverDomainDefParserConfig, virLXCDriverPrivateDataCallbacks, - NULL); + virLXCDriverDomainXMLNamespace); } 
diff --git a/src/lxc/lxc_conf.h b/src/lxc/lxc_conf.h index 8340b1f..59002e5 100644 --- a/src/lxc/lxc_conf.h +++ b/src/lxc/lxc_conf.h @@ -67,6 +67,29 @@ struct _virLXCDriverConfig { bool securityRequireConfined; }; + +typedef enum { +VIR_DOMAIN_NAMESPACE_SHARENET = 0, +VIR_DOMAIN_NAMESPACE_SHAREIPC, +VIR_DOMAIN_NAMESPACE_SHAREUTS, +VIR_DOMAIN_NAMESPACE_LAST, +} virDomainNamespace; + +struct ns_info { +const char *proc_name; +int clone_flag; +}; + +extern const struct ns_info ns_info[VIR_DOMAIN_NAMESPACE_LAST]; + +typedef struct _lxcDomainDef lxcDomainDef; +typedef lxcDomainDef *lxcDomainDefPtr; +struct _lxcDomainDef { +int ns_inherit_fd[VIR_DOMAIN_NAMESPACE_LAST]; +char *ns_type[VIR_DOMAIN_NAMESPACE_LAST]; +char *ns_val[VIR_DOMAIN_NAMESPACE_LAST]; +}; + struct _virLXCDriver { virMutex lock; diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 9a9ae5c..a9a7ba0 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -25,8 +25,8 @@ */ #include config.h - #include fcntl.h +#include sched.h #include limits.h #include stdlib.h #include stdio.h @@ -38,7 +38,6 @@ #include mntent.h #include sys/reboot.h #include linux/reboot.h - /* Yes, we want linux private one, for _syscall2() macro */ #include linux/unistd.h 
@@ -99,6 +98,50 @@ VIR_LOG_INIT(lxc.lxc_container); typedef char lxc_message_t; #define LXC_CONTINUE_MSG 'c' +#ifdef __linux__ +/* + * Workaround older glibc. While kernel may support the setns + * syscall, the glibc wrapper might not exist. If that's the + * case, use our own. + */ +# ifndef __NR_setns +# if defined(__x86_64__) +# define __NR_setns 308 +# elif defined(__i386__) +# define __NR_setns 346 +# elif defined(__arm__) +# define __NR_setns 375 +# elif defined(__aarch64__) +# define __NR_setns 375 +# elif defined(__powerpc__) +# define __NR_setns 350 +# elif defined(__s390__) +# define __NR_setns 339 +# endif +# endif + +# ifndef HAVE_SETNS +# if defined(__NR_setns) +# include sys/syscall.h + +static inline int setns(int fd, int nstype) +{ +return syscall(__NR_setns, fd, nstype); +} +# else /* !__NR_setns */ +# error Please determine the syscall number for setns on your architecture +# endif +# endif +#else /* !__linux__ */ +static inline int setns(int fd ATTRIBUTE_UNUSED, int nstype ATTRIBUTE_UNUSED) +{ +virReportSystemError(ENOSYS, %s, + _(Namespaces are not supported on this platform.)); +return -1; +}