Changes to v2:
* Factor `walk_tree_nofollow` to be usable with fds as starting point.
* Create destination directory entries (this was completely missing in the
  staged code path api).
* Test for new kernel api with `move_mount` instead of `fsopen` since we don't
  actually use `fsopen` currently.
* Factor out `mountpoint_insert_staged()` to be used from the pre-start hook &
  hotplug code (this is where the directory tree creation was added).
* Rename vmconfig_apply_pending_mountpoint to just apply_pending_mountpoint.
* Switch into the `/usr/bin/lxc-start` apparmor profile for mount point
  hotplugging. (Otherwise hotplugging can potentially allow more options than
  we can use later at a normal container startup.)

Previous changes from v1 to v2:
* Add a helper to LXC::PVE::Tools to check for availability of the new mount
  api (new patch 1), and use that in the prestart hook and mount functions.
* Add a check to the mount hotplug code to not attempt to perform hotplugging
  on older kernels.

Wolfgang Bumiller (12):
  tools: add can_use_new_mount_api helper
  split walk_tree_nofollow to allow a start fd
  implement "staged mountpoints"
  add mountpoint_insert_staged helper
  add open_pid_fd, open_lxc_pid, open_ppid helpers
  split open_namespace out of enter_namespace
  add get_container_namespace helper
  add mount stage directory helpers
  prestart-hook: use staged mountpoints on newer kernels
  config: apply_pending_mountpoint helper
  implement mountpoint hotplugging
  use lxc-start apparmor profile for mount hotplugging

 src/PVE/LXC.pm            | 232 +++++++++++++++++++++++++++++++++++---
 src/PVE/LXC/Config.pm     |  94 ++++++++++-----
 src/PVE/LXC/Tools.pm      |  18 +++
 src/lxc-pve-prestart-hook |  78 +++++++++++--
 4 files changed, 371 insertions(+), 51 deletions(-)

--
2.20.1