Kir,

This is a slightly modified shot at the container fixups.  First patch makes us
more resilient, since by being isolated by the mount namespaces, we no longer
have problems with leaking mounts. I identified one of those problems today,
and patch #1 in this series fixes it.

Patch #2 is the rebase of the fixups scripts patches taking this into account.

With patch #3, we provide a host-side fixup (so no guest scripts) for all
PAM-based distros, overriding PAM loginuid session decisions.  That module is
only used for the audit subsystem, which is not present in containers (and it
is not clear if it will ever be).

With these patches, I can successfully run vzctl enter and ssh into containers
running totally unmodified kernels for: centos, ubuntu and suse.

Please comment

Glauber Costa (3):
  hooks_ct: create devices inside container
  allow for distro-specific fix ups at creation time.
  hooks_ct: trick PAM to not bail out in loginuid failures

 etc/dists/redhat.conf       |  1 +
 etc/dists/scripts/fixups.sh | 43 ++++++++++++++++++++++
 include/dist.h              |  2 ++
 include/env.h               |  3 +-
 src/lib/dist.c              | 10 +++++-
 src/lib/env.c               | 10 +++---
 src/lib/exec.c              |  2 +-
 src/lib/hooks_ct.c          | 87 ++++++++++++++++++++++++++++++++++++++++++---
 8 files changed, 147 insertions(+), 11 deletions(-)
 create mode 100755 etc/dists/scripts/fixups.sh

-- 
1.7.11.7

_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel