From 78394b9185f06295c0ba9f1366c03f7244071f64 Mon Sep 17 00:00:00 2001
From: Harshal Patil
Date: Mon, 9 Oct 2017 15:28:21 +0530
Subject: [PATCH 1/2] Removing the dependency on 9pfs
Signed-off-by: Harshal Patil
---
 src/container.c | 13 +++++++++++--
 src/init.c | 4 +++-
 src/portmapping.c | 5 +++++
 3 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/src/container.c b/src/container.c
index 0938d822..b18fe6e5 100644
--- a/src/container.c
+++ b/src/container.c
@@ -579,6 +579,7 @@ static int hyper_setup_container_rootfs(void *data)
 goto fail;
 }
+ sprintf(rootfs, "%s/%s/", root, container->rootfs);
 if (container->fstype) {
 char dev[128];
 char *options = NULL;
@@ -614,10 +615,17 @@ static int hyper_setup_container_rootfs(void *data)
 sprintf(path, "%s/%s/", SHARED_DIR, container->image);
 fprintf(stdout, "src directory %s\n", path);
- if (mount(path, root, NULL, MS_BIND, NULL) < 0) {
+ hyper_mkdir(rootfs, 0755);
+ if (mount("/dev/sda", rootfs, "ext4", MS_MGC_VAL| MS_NODEV, "") < 0) {
 perror("mount src dir failed");
 goto fail;
 }
+
+// if (mount(path, root, NULL, MS_BIND, NULL) < 0) {
+// perror("mount src dir failed");
+// goto fail;
+// }
+
 if (container->readonly && mount(NULL, root, NULL, MS_BIND | MS_REMOUNT | MS_RDONLY, NULL) < 0) {
 perror("mount src dir readonly failed");
 goto fail;
@@ -627,7 +635,8 @@ static int hyper_setup_container_rootfs(void *data)
 fprintf(stdout, "root directory for container is %s/%s, init task %s\n", root, container->rootfs, container->exec.argv[0]);
- sprintf(rootfs, "%s/%s/", root, container->rootfs);
+// sprintf(rootfs, "%s/%s/", root, container->rootfs);
+
 if (mount(rootfs, rootfs, NULL, MS_BIND|MS_REC, NULL) < 0) {
 perror("failed to bind rootfs");
 goto fail;
diff --git a/src/init.c b/src/init.c
index 782b23fd..ac04ec1b 100644
--- a/src/init.c
+++ b/src/init.c
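Review bot: The readonly remount that follows the new `mount("/dev/sda", rootfs, "ext4", ...)` in the second hunk still targets `root`, but the image is now mounted at `rootfs` and `root` is no longer a mount point, so `container->readonly` is not enforced on the new mount: if the remount succeeds at all it acts on whatever mount contains `root`, and `rootfs` stays writable. The device mount also carries neither `MS_NOSUID` nor `MS_RDONLY` for the readonly case, the result of `hyper_mkdir(rootfs, 0755)` is discarded, and `MS_MGC_VAL` is an obsolete magic value the kernel ignores. The same lines are carried into the second patch's `arg->pod->share_tag == NULL` branch in src/container.c, so the fix belongs there as well. hyper_setup_container_rootfs starts before and ends after this hunk.
```c
	/* … unchanged: path construction and "src directory" logging … */
	if (hyper_mkdir(rootfs, 0755) < 0) { /* assumes the "< 0 on failure" convention — confirm against hyper_mkdir */
		perror("mkdir rootfs failed");
		goto fail;
	}
	if (mount("/dev/sda", rootfs, "ext4",
	          MS_NODEV | MS_NOSUID | (container->readonly ? MS_RDONLY : 0), "") < 0) {
		perror("mount src dir failed");
		goto fail;
	}
```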
@@ -508,7 +508,8 @@ static int hyper_setup_shared(struct hyper_pod *pod)
 if (is_xen)
 ret = mount(pod->share_tag, SHARED_DIR, "9p", MS_NODEV, "trans=xen");
 else
- ret = mount(pod->share_tag, SHARED_DIR, "9p", MS_MGC_VAL| MS_NODEV, "trans=virtio");
+ //ret = mount(pod->share_tag, SHARED_DIR, "9p", MS_MGC_VAL| MS_NODEV, "trans=virtio");
+ ret = 0;
 if (ret < 0) {
 perror("fail to mount shared dir");
@@ -792,6 +793,7 @@ static int hyper_open_container_file(void *data)
 struct hyper_file_arg *arg = data;
 int fd = -1, ret = -1, size;
+
 if (setns(arg->mntns, CLONE_NEWNS) < 0) {
 perror("fail to enter container ns");
 goto exit;
diff --git a/src/portmapping.c b/src/portmapping.c
index c9f9a6f6..6d7e681c 100644
--- a/src/portmapping.c
+++ b/src/portmapping.c
@@ -167,6 +167,11 @@ int hyper_setup_portmapping(struct hyper_pod *pod)
 int hyper_setup_container_portmapping(struct hyper_container *c, struct hyper_pod *pod)
 {
 // only allow network request from internal white list
+
+ //disabling it for now
+ return 0;
+
+
 int i = 0, j = 0;
 char rule[128] = {0};
 char iptables_restore[512];
From 70fc8947885746280c41cbc24a6440a8d0233e41 Mon Sep 17 00:00:00 2001
From: Harshal Patil
Date: Tue, 24 Oct 2017 14:17:54 +0530
Subject: [PATCH 2/2] dynamically select 9pfs or no 9pfs
Signed-off-by: Harshal Patil
---
 src/container.c | 21 ++++++++++++---------
 src/init.c | 4 +---
 src/portmapping.c | 10 +++++++---
 3 files changed, 20 insertions(+), 15 deletions(-)
diff --git a/src/container.c b/src/container.c
index b18fe6e5..e620f76c 100644
--- a/src/container.c
+++ b/src/container.c
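Review bot: The unconditional `return 0;` placed at the top of hyper_setup_container_portmapping in the src/portmapping.c hunk switches off the allow-list described by the `// only allow network request from internal white list` comment for every container and reports success to the caller, so nothing records that the rules were skipped; everything from `int i = 0, j = 0;` onward is unreachable. If the rules have to be skipped temporarily, gate the return on the condition that motivates it and log it first, e.g. `fprintf(stdout, "skipping container portmapping rules\n");` in the same style as the `fprintf(stdout, ...)` traces in src/container.c. The second patch narrows the return to `pod->share_tag == NULL` but still returns silently. The rest of the function lies outside the hunk.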
@@ -615,16 +615,20 @@ static int hyper_setup_container_rootfs(void *data)
 sprintf(path, "%s/%s/", SHARED_DIR, container->image);
 fprintf(stdout, "src directory %s\n", path);
- hyper_mkdir(rootfs, 0755);
- if (mount("/dev/sda", rootfs, "ext4", MS_MGC_VAL| MS_NODEV, "") < 0) {
- perror("mount src dir failed");
- goto fail;
+
+ if (arg->pod->share_tag == NULL) {
+ hyper_mkdir(rootfs, 0755);
+ if (mount("/dev/sda", rootfs, "ext4", MS_MGC_VAL| MS_NODEV, "") < 0) {
+ perror("mount src dir failed");
+ goto fail;
+ }
+ } else {
+ if (mount(path, root, NULL, MS_BIND, NULL) < 0) {
+ perror("mount src dir failed");
+ goto fail;
+ }
 }
-// if (mount(path, root, NULL, MS_BIND, NULL) < 0) {
-// perror("mount src dir failed");
-// goto fail;
-// }
 if (container->readonly && mount(NULL, root, NULL, MS_BIND | MS_REMOUNT | MS_RDONLY, NULL) < 0) {
 perror("mount src dir readonly failed");
@@ -635,7 +639,6 @@ static int hyper_setup_container_rootfs(void *data)
 fprintf(stdout, "root directory for container is %s/%s, init task %s\n", root, container->rootfs, container->exec.argv[0]);
-// sprintf(rootfs, "%s/%s/", root, container->rootfs);
 if (mount(rootfs, rootfs, NULL, MS_BIND|MS_REC, NULL) < 0) {
 perror("failed to bind rootfs");
diff --git a/src/init.c b/src/init.c
index 5fba4b4a..d9f39bff 100644
--- a/src/init.c
+++ b/src/init.c
@@ -448,8 +448,7 @@ static int hyper_setup_shared(struct hyper_pod *pod)
 if (is_xen)
 ret = mount(pod->share_tag, SHARED_DIR, "9p", MS_NODEV, "trans=xen");
 else
- //ret = mount(pod->share_tag, SHARED_DIR, "9p", MS_MGC_VAL| MS_NODEV, "trans=virtio");
- ret = 0;
+ ret = mount(pod->share_tag, SHARED_DIR, "9p", MS_MGC_VAL| MS_NODEV, "trans=virtio");
 if (ret < 0) {
 perror("fail to mount shared dir");
@@ -732,7 +731,6 @@ static int hyper_open_container_file(void *data)
 struct hyper_file_arg *arg = data;
 int fd = -1, ret = -1, size;
-
 if (setns(arg->mntns, CLONE_NEWNS) < 0) {
 perror("fail to enter container ns");
 goto exit;
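Review bot: Both branches of the new `if (arg->pod->share_tag == NULL)` in the first src/container.c hunk fail with the identical `perror("mount src dir failed")`, so a log line cannot tell the ext4 device mount apart from the 9p bind mount; give the block-device branch its own message, `perror("mount /dev/sda on rootfs failed");`. The branch also hard-codes `/dev/sda` and derives "the image is a block device" from the mere absence of a share tag, which is a contract nothing in the code states; a comment at the branch such as `/* no 9p share tag: the container image is expected as an ext4 block device at /dev/sda */` would make it explicit, and a configurable device path would be better still. hyper_setup_container_rootfs starts before and ends after this hunk.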
diff --git a/src/portmapping.c b/src/portmapping.c
index 6d7e681c..ef6a90f2 100644
--- a/src/portmapping.c
+++ b/src/portmapping.c
@@ -168,9 +168,13 @@ int hyper_setup_container_portmapping(struct hyper_container *c, struct hyper_po
 {
 // only allow network request from internal white list
- //disabling it for now
- return 0;
-
+ //Disabling it for now for no 9p case.
+ //TODO - iptables file is generated after VM is booted,
+ //so this needs to be addressed later by rearranging the way
+ //iptables file is generated.
+ if (pod->share_tag == NULL) {
+ return 0;
+ }
 int i = 0, j = 0;
 char rule[128] = {0};
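Review bot: The new guard returns 0 when `pod->share_tag` is NULL, so a container in a pod without a share tag runs with no iptables allow-list at all while the caller sees success and nothing is logged. Add a trace before the return, `fprintf(stdout, "no share tag, skipping container portmapping rules\n");`, so the missing restriction is visible in the agent output, and consider turning the early return into an error once the TODO above it is resolved. The four comment lines would also read more consistently with a space after `//`, matching the `// only allow …` line they follow. The rest of hyper_setup_container_portmapping lies outside the hunk.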