On Thu, 28/05/2015 at 12:26 +0300, Cyrill Gorcunov wrote:
> Currently we allow to setup new VE features and iptables mask even
> when container is already running which brings some vague meaning
> into container state -- from user point of view it's unclean if
> the @features or @iptables belong to the running container or they
> were modified after and don't really apply to the running
> instance.
>
> Thus when user space tools modify these members make sure
> the container is offline.
>
> Reported-by: Kirill Tkhai <[email protected]>
> Signed-off-by: Cyrill Gorcunov <[email protected]>
> CC: Vladimir Davydov <[email protected]>
> CC: Konstantin Khorenko <[email protected]>
> CC: Pavel Emelyanov <[email protected]>
> CC: Andrey Vagin <[email protected]>

Acked-by: Kirill Tkhai <[email protected]> > --- > kernel/ve/ve.c | 13 +++++++++++-- > 1 file changed, 11 insertions(+), 2 deletions(-) > > Index: linux-pcs7.git/kernel/ve/ve.c > =================================================================== > --- linux-pcs7.git.orig/kernel/ve/ve.c > +++ linux-pcs7.git/kernel/ve/ve.c > @@ -1108,11 +1108,19 @@ static u64 ve_read_u64(struct cgroup *cg > > static int ve_write_u64(struct cgroup *cg, struct cftype *cft, u64 value) > { > + struct ve_struct *ve = cgroup_ve(cg); > + > if (!ve_is_super(get_exec_env())) > return -EPERM; > > + down_write(&ve->op_sem); > + if (ve->is_running || ve->ve_ns) { > + up_write(&ve->op_sem); > + return -EBUSY; > + } > + > if (cft->private == VE_CF_FEATURES) > - cgroup_ve(cg)->features = value; > + ve->features = value; > else if (cft->private == VE_CF_IPTABLES_MASK) { > value &= ~VE_IP_IPTABLES6; > value &= ~VE_IP_FILTER6; > @@ -1131,9 +1139,10 @@ static int ve_write_u64(struct cgroup *c > if (mask_ipt_allow(value, VE_IP_CONNTRACK)) > value |= VE_NF_CONNTRACK; > > - cgroup_ve(cg)->ipt_mask = value; > + ve->ipt_mask = value; > } > > + up_write(&ve->op_sem); > return 0; > } > _______________________________________________ Devel mailing list [email protected] https://lists.openvz.org/mailman/listinfo/devel
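
Review bot: the new `if (ve->is_running || ve->ve_ns)` test in the first hunk (@@ -1108) carries no comment saying why both fields are checked or that writes to these cgroup files now fail with -EBUSY once the container has been started. This is a userspace-visible change for tools that write features or the iptables mask, so a short comment above the check stating the rule ("may only be changed while the container is offline") and what each of the two conditions covers would make the intent clear to the next reader.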
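
Review bot: in the second hunk (@@ -1131) `up_write(&ve->op_sem)` is placed only in front of the final `return 0`, while the -EBUSY path in the first hunk drops the semaphore by hand, so the unlock is now open-coded in two places. Consider an `int err = 0;` with a single `out:` label that does `up_write(&ve->op_sem); return err;` and a `goto out` from the busy check, so that any return added later between `down_write()` and the end of the function cannot leave op_sem held.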
