[systemd-devel] [PATCH] shutdown: do reboot() for openvz container

Daniel P. Berrange berrange at redhat.com
Thu Sep 13 00:58:42 PDT 2012


On Thu, Sep 13, 2012 at 12:30:00AM +0200, Lennart Poettering wrote:
> On Thu, 13.09.12 00:25, Kay Sievers (kay at vrfy.org) wrote:
> 
> > 
> > On Wed, Sep 12, 2012 at 11:54 PM, Lennart Poettering
> > <lennart at poettering.net> wrote:
> > > On Wed, 12.09.12 11:51, Daniel P. Berrange (berrange at redhat.com) wrote:
> > 
> > >> NB when libvirt starts an LXC container, it first checks to see whether
> > >> the kernel has the container aware reboot() support. If it does not,
> > >> then it removes CAP_SYS_REBOOT from the container, to prevent any
> > >> accidental whole system reboot. The sf.net LXC tools do the same thing.
> > >
> > > How do you check that? A version check or can you actually detect this
> > > feature explicitly?
> > 
> > "Returning EINVAL is also an easy way to check if this feature is supported
> > by the kernel when invoking another 'reboot' option like CAD."
> > 
> > http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=cf3f89214ef6a33fad60856bc5ffd7bb2fc4709b
> 
> But that's from inside the container. But LXC would need that from
> outside the container?

Oh you just need a quick clone() + reboot() pair to figure that out. See
the lxcContainerHasReboot() and lxcContainerRebootChild() methods in
the libvirt lxc_container.c file:

  http://libvirt.org/git/?p=libvirt.git;a=blob;f=src/lxc/lxc_container.c;hb=HEAD#l107

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
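
The clone() + reboot() probe described in the message above, as an added C example (not libvirt's code and not part of the original message). The function names and exit-code mapping are assumptions made for illustration; the probe needs CAP_SYS_ADMIN and CAP_SYS_BOOT to give a definite answer and reports -1 otherwise.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* syscall() */
#endif
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <linux/reboot.h>      /* LINUX_REBOOT_CMD_CAD_ON / _OFF */
#include <linux/sched.h>       /* CLONE_NEWPID */
#include <sys/reboot.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Verdict from the child's reboot() result:
 * 1 = container-aware reboot(), 0 = not supported, -1 = undetermined. */
int classify_probe(int ret, int err)
{
    if (ret == -1 && err == EINVAL) return 1;  /* CAD refused in the pid ns */
    if (ret == 0) return 0;                    /* CAD reached the host      */
    return -1;                                 /* e.g. EPERM, no CAP_SYS_BOOT */
}

int has_container_reboot(void)
{
    int cad, ok, status;
    FILE *f = fopen("/proc/sys/kernel/ctrl-alt-del", "r");
    if (!f) return -1;
    ok = fscanf(f, "%d", &cad) == 1;
    fclose(f);
    if (!ok) return -1;
    /* Re-apply the host's current CAD value: a no-op on an old kernel. */
    int cmd = cad ? (int)LINUX_REBOOT_CMD_CAD_ON : (int)LINUX_REBOOT_CMD_CAD_OFF;

    /* fork-like raw clone into a new pid namespace (needs CAP_SYS_ADMIN);
     * flags-first argument order, as on x86-64 and arm64 (assumption). */
    pid_t pid = (pid_t)syscall(SYS_clone, (long)(CLONE_NEWPID | SIGCHLD),
                               0L, 0L, 0L, 0L);
    if (pid < 0) return -1;
    if (pid == 0) {
        int r = reboot(cmd), e = errno;
        _exit(classify_probe(r, e) + 1);       /* exit 2, 1 or 0 */
    }
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) - 1;            /* back to 1, 0 or -1 */
}

int main(void)
{
    printf("container-aware reboot(): %d\n", has_container_reboot());
    return 0;
}
```

A result of 0 or -1 is the case where the message says CAP_SYS_REBOOT is removed from the container (the kernel capability constant is CAP_SYS_BOOT).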

