On Thu, Sep 13, 2012 at 12:30:00AM +0200, Lennart Poettering wrote: > On Thu, 13.09.12 00:25, Kay Sievers (k...@vrfy.org) wrote: > > > > > On Wed, Sep 12, 2012 at 11:54 PM, Lennart Poettering > > <lenn...@poettering.net> wrote: > > > On Wed, 12.09.12 11:51, Daniel P. Berrange (berra...@redhat.com) wrote: > > > > >> NB when libvirt starts an LXC container, it first checks to see whether > > >> the kernel has the container aware reboot() support. If it does not, > > >> then it removes CAP_SYS_REBOOT from the container, to prevent any > > >> accidental whole system reboot. The sf.net LXC tools do the same thing. > > > > > > How do you check that? A version check or can you actually detect this > > > feature explicitly? > > > > "Returning EINVAL is also an easy way to check if this feature is supported > > by the kernel when invoking another 'reboot' option like CAD." > > > > http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=commit;h=cf3f89214ef6a33fad60856bc5ffd7bb2fc4709b > > But that's from inside the container. But LXC would need that from > outside the container?
Oh you just need a quick clone() + reboot() pair to figure that out. See the lxcContainerHasReboot() and lxcContainerRebootChild() methods in the libvirt lxc_container.c file: http://libvirt.org/git/?p=libvirt.git;a=blob;f=src/lxc/lxc_container.c;hb=HEAD#l107 Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
