[pve-devel] [PATCH v4 ct 00/12] mount hotplugging & new mount api

Wolfgang Bumiller w.bumiller at proxmox.com
Wed Nov 20 08:30:55 CET 2019 

Changes to v3:
* Change mount point staging directory from /run/pve/mountpoints to
  /var/lib/lxc/.pve-staged-mounts due to allowed mount paths being
  restricted by the lxc-start apparmor profile.
  (Only affects path 8, the remaining patches are unchanged)

Changes to v2:
* Factor `walk_tree_nofollow` to be usable with fds as starting point.
* Create destination directory entries (this was completely missing in
  the staged code path api).
* Test for new kernel api with `move_mount` instead of `fsopen` since
  we don't actually use `fsopen` currently.
* Factor out `mountpoint_insert_staged()` to be used from the pre-start
  hook & hotplug code (this is where the directory tree creation was
  added)
* Rename vmconfig_apply_pending_mountpoint to just apply_pending_mountpoint.
* Switch into the `/usr/bin/lxc-start` apparmor profile for mount point
  hotplugging. (Otherwise hotplugging can potentially allow more options
  than we can use later at a normal container startup.)

Previous changes from v1 to v2:
* Add a helper to LXC::PVE::Tools to check for availability of the new
  mount api (new patch 1), and use that in the prestart hook and mount
  functions.
* Add a check to the mount hotplug code to not attempt to perform
  hotplugging on older kernels.

Wolfgang Bumiller (12):
  tools: add can_use_new_mount_api helper
  split walk_tree_nofollow to allow a start fd
  implement "staged mountpoints"
  add mountpoint_insert_staged helper
  add open_pid_fd, open_lxc_pid, open_ppid helpers
  split open_namespace out of enter_namespace
  add get_container_namespace helper
  add mount stage directory helpers
  prestart-hook: use staged mountpoints on newer kernels
  config: apply_pending_mountpoint helper
  implement mountpoint hotplugging
  use lxc-start apparmor profile for mount hotplugging

 src/PVE/LXC.pm            | 233 +++++++++++++++++++++++++++++++++++---
 src/PVE/LXC/Config.pm     |  94 ++++++++++-----
 src/PVE/LXC/Tools.pm      |  18 +++
 src/lxc-pve-prestart-hook |  78 +++++++++++--
 4 files changed, 372 insertions(+), 51 deletions(-)

-- 
2.20.1

More information about the pve-devel mailing list