Re: [libvirt] [PATCH v4] lxc: Inherit namespace feature

2015-08-26 Thread Daniel P. Berrange
On Thu, Aug 20, 2015 at 07:16:17PM +0530, ik.nitk wrote:
> This patch adds feature for lxc containers to inherit namespaces.
> This is very similar to what lxc-tools or docker provides.  Look
> for man lxc-start and you will find that you can pass command
> args as [ --share-[net|ipc|uts] name|pid ]. Or check out docker
> networking option in which you can give --net=container:NAME_or_ID
> as an option for sharing namespace.
>
> From this patch you can add extra libvirt option to share
> namespace in following way.
>
>  <lxc:namespace>
>    <lxc:sharenet type='netns' value='red'/>
>    <lxc:shareipc type='pid' value='12345'/>
>    <lxc:shareuts type='name' value='container1'/>
>  </lxc:namespace>
>
> The netns option is specific to sharenet. It can be used to
> inherit from existing network namespace.

ACK and pushed to GIT master. Thanks for taking the time to
work on this feature!

Regards,
Daniel
-- 
|: http://berrange.com  -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org  -o- http://virt-manager.org :|
|: http://autobuild.org   -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org   -o-   http://live.gnome.org/gtk-vnc :|



[libvirt] [PATCH v4] lxc: Inherit namespace feature

2015-08-20 Thread ik.nitk
This patch adds feature for lxc containers to inherit namespaces.
This is very similar to what lxc-tools or docker provides.  Look
for man lxc-start and you will find that you can pass command
args as [ --share-[net|ipc|uts] name|pid ]. Or check out docker
networking option in which you can give --net=container:NAME_or_ID
as an option for sharing namespace.

From this patch you can add extra libvirt option to share
namespace in following way.

 <lxc:namespace>
   <lxc:sharenet type='netns' value='red'/>
   <lxc:shareipc type='pid' value='12345'/>
   <lxc:shareuts type='name' value='container1'/>
 </lxc:namespace>

The netns option is specific to sharenet. It can be used to
inherit from existing network namespace.

---
 docs/drvlxc.html.in   |  21 +
 docs/schemas/domaincommon.rng |  42 +
 po/POTFILES.in|   1 +
 src/Makefile.am   |   7 +-
 src/lxc/lxc_conf.c|   2 +-
 src/lxc/lxc_container.c   |  71 +--
 src/lxc/lxc_container.h   |   2 +
 src/lxc/lxc_controller.c  |  57 +++-
 src/lxc/lxc_domain.c  | 149 
 src/lxc/lxc_domain.h  |  26 ++
 src/lxc/lxc_process.c | 157 ++
 tests/lxcxml2xmldata/lxc-sharenet.xml |  33 +++
 tests/lxcxml2xmltest.c|   1 +
 13 files changed, 560 insertions(+), 9 deletions(-)
 create mode 100644 tests/lxcxml2xmldata/lxc-sharenet.xml

diff --git a/docs/drvlxc.html.in b/docs/drvlxc.html.in
index a094bd9..d6c57c4 100644
--- a/docs/drvlxc.html.in
+++ b/docs/drvlxc.html.in
@@ -590,6 +590,27 @@ Note that allowing capabilities that are normally dropped 
by default can serious
 affect the security of the container and the host.
 /p
 
+h2a name=shareInherit namespaces/a/h2
+
+p
+Libvirt allows you to inherit the namespace from container/process just like 
lxc tools
+or docker provides to share the network namespace. The following can be used 
to share
+required namespaces. If we want to share only one then the other namespaces 
can be ignored.
+The netns option is specific to sharenet. It can be used in cases we want to 
use existing network namespace
+rather than creating new network namespace for the container. In this case 
privnet option will be
+ignored.
+/p
+pre
+lt;domain type='lxc' xmlns:lxc='http://libvirt.org/schemas/domain/lxc/1.0'gt;
+...
+lt;lxc:namespacegt;
+  lt;lxc:sharenet type='netns' value='red'/gt;
+  lt;lxc:shareuts type='name' value='container1'/gt;
+  lt;lxc:shareipc type='pid' value='12345'/gt;
+lt;/lxc:namespacegt;
+lt;/domaingt;
+/pre
+
 h2a name=usageContainer usage / management/a/h2
 
 p
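
Review bot: The new "Inherit namespaces" paragraph never says what each type value refers to or what sharing costs in isolation. Please state what type='name' resolves to (the example uses value='container1', presumably another libvirt LXC domain), whether type='pid' is a PID as seen on the host (value='12345'), and where type='netns' value='red' is looked up. The paragraph just above this hunk already warns that retained capabilities affect the security of the container and the host; a sentence in the same spirit belongs here, since a container that joins another process's network, IPC or UTS namespace is no longer isolated from that process in that namespace. "In this case privnet option will be ignored" should also say whether that applies only to type='netns' or to type='name' and type='pid' as well.
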
diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 043c975..fa026cd 100644
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -68,6 +68,9 @@
   ref name='qemucmdline'/
 /optional
 optional
+  ref name='lxcsharens'/
+/optional
+optional
   ref name='keywrap'/
 /optional
   /interleave
@@ -5057,6 +5060,45 @@
 /element
   /define
 
+  !--
+   Optional hypervisor extensions in their own namespace:
+   LXC
+--
+  define name=lxcsharens
+element name=namespace ns=http://libvirt.org/schemas/domain/lxc/1.0;
+  zeroOrMore
+element name=sharenet
+  attribute name=type
+choice
+  valuenetns/value
+  valuename/value
+  valuepid/value
+/choice
+  /attribute
+  attribute name='value'/
+/element
+element name=shareipc
+  attribute name=type
+choice
+  valuename/value
+  valuepid/value
+/choice
+  /attribute
+  attribute name='value'/
+/element
+element name=shareuts
+  attribute name=type
+choice
+  valuename/value
+  valuepid/value
+/choice
+  /attribute
+  attribute name='value'/
+/element
+  /zeroOrMore
+/element
+  /define
+
   define name=metadata
 element name=metadata
   zeroOrMore
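
Review bot: In the lxcsharens define, attribute name='value' is left as unconstrained text for sharenet, shareipc and shareuts, so the schema accepts any string whatever the type attribute says. Consider a positive-integer data type when type is pid and a restricted name pattern when it is name or netns, so that malformed values are rejected at schema validation rather than reaching the driver. Separately, wrapping the three elements in a single zeroOrMore lets each of them appear any number of times; an interleave of three optional elements would express "at most one of each", and if repeats are intended the documentation should say which one wins.
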
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 1e52e6a..46220f7 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -85,6 +85,7 @@ src/lxc/lxc_native.c
 src/lxc/lxc_container.c
 src/lxc/lxc_conf.c
 src/lxc/lxc_controller.c
+src/lxc/lxc_domain.c
 src/lxc/lxc_driver.c
 src/lxc/lxc_process.c
 src/libxl/libxl_domain.c
diff --git a/src/Makefile.am b/src/Makefile.am
index c4d49a5..24d31e1 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -1320,7 +1320,12 @@ libvirt_driver_lxc_impl_la_CFLAGS = \
-I$(srcdir)/access \
-I$(srcdir)/conf \
$(AM_CFLAGS)
-libvirt_driver_lxc_impl_la_LIBADD = $(CAPNG_LIBS) $(LIBNL_LIBS) $(FUSE_LIBS)
+libvirt_driver_lxc_impl_la_LIBADD =