[pve-devel] [PATCH 5/8] add lxc.mount.entry && lxc.cgroup.devices.allow

Fri Aug 14 14:56:46 CEST 2015

Signed-off-by: Alexandre Derumier <aderumier at odiso.com>
---
 src/PVE/LXC.pm | 69 +++++++++++++++++++++++++++++++++++++++++++---------------
 1 file changed, 51 insertions(+), 18 deletions(-)

diff --git a/src/PVE/LXC.pm b/src/PVE/LXC.pm
index 7fa75eb..df3e63a 100644
--- a/src/PVE/LXC.pm
+++ b/src/PVE/LXC.pm
@@ -12,7 +12,7 @@ use PVE::Storage;
 use PVE::SafeSyslog;
 use PVE::INotify;
 use PVE::JSONSchema qw(get_standard_option);
-use PVE::Tools qw($IPV6RE $IPV4RE);
+use PVE::Tools qw($IPV6RE $IPV4RE dir_glob_foreach);
 use PVE::Network;
 
 use Data::Dumper;
@@ -974,23 +974,56 @@ sub update_lxc_config {
     my $shares = $conf->{cpuunits} || 1024;
     $raw .= "lxc.cgroup.cpu.shares = $shares\n";
 
-    my $rootinfo = PVE::LXC::parse_ct_mountpoint($conf->{rootfs});
-    my $volid = $rootinfo->{volume};
-    my ($storage, $volname) = PVE::Storage::parse_volume_id($volid);
-
-    my $scfg = PVE::Storage::storage_config($storage_cfg, $storage);
-    if ($scfg->{type} eq 'dir' || $scfg->{type} eq 'nfs') {
-	my $rootfs = PVE::Storage::path($storage_cfg, $volid);
-	$raw .= "lxc.rootfs = loop:$rootfs\n";
-    } elsif ($scfg->{type} eq 'zfspool') {
-	my $rootfs = PVE::Storage::path($storage_cfg, $volid);
-	$raw .= "lxc.rootfs = $rootfs\n";
-    } elsif ($scfg->{type} eq 'drbd' || $scfg->{type} eq 'rbd') {
-	my $rootdev = PVE::Storage::path($storage_cfg, $volid);
-	$raw .= "lxc.rootfs = $rootdev\n";
-    } else {
-	die "unsupported storage type '$scfg->{type}'\n";
-    }
+    my $bdevs = {};
+    dir_glob_foreach("/sys/dev/block/", '(\d+):(\d+)', sub {
+        my (undef, $major, $minor) = @_;
+	my $bdev = readlink("/sys/dev/block/$major:$minor");
+	$bdev =~ s/\.\.\/\.\.\/devices\/virtual\/block\//\/dev\//;
+	$bdevs->{$bdev} = "$major:$minor";
+    });
+
+    PVE::LXC::foreach_mountpoint($conf, sub {
+	my ($ms, $mountpoint) = @_;
+
+	next if $ms ne 'rootfs' && !$mountpoint->{mp};
+
+	my $volid = $mountpoint->{volume};
+	my ($storage, $volname) = PVE::Storage::parse_volume_id($volid);
+
+	my $scfg = PVE::Storage::storage_config($storage_cfg, $storage);
+
+	my $path = PVE::Storage::path($storage_cfg, $volid);
+
+	if ($scfg->{type} eq 'dir' || $scfg->{type} eq 'nfs') {
+	    if($ms eq 'rootfs') {
+		$path = "loop:$path";
+	    }else {
+		my $loopdev = undef;
+
+		my $parser = sub {
+		    my $line = shift;
+		    $loopdev = $line if $line =~m|^/dev/loop\d+$|;
+		};
+		PVE::Tools::run_command(['losetup', '--find', '--show', $path], outfunc => $parser);
+		$path = $loopdev;
+	    }
+	} elsif ($scfg->{type} eq 'zfspool' || $scfg->{type} eq 'drbd') {
+	   #nothing
+	} elsif ($scfg->{type} eq 'rbd') {
+	    $path = readlink($path);
+	    $path =~ s/\.\.\/\.\.\//\/dev\//;
+	} else {
+	    die "unsupported storage type '$scfg->{type}'\n";
+	}
+
+	$raw .= "lxc.cgroup.devices.allow = b $bdevs->{$path} rwm\n" if $bdevs->{$path};
+
+	if ($ms eq 'rootfs') {
+	    $raw .= "lxc.rootfs = $path\n";
+	}else {
+	    $raw .= "lxc.mount.entry = $path $mountpoint->{mp}\n";
+	}
+    });
 
     my $netcount = 0;
     foreach my $k (keys %$conf) {
-- 
2.1.4


