#include <unistd.h>
#include <ctype.h>
#include <sys/resource.h>
-#include <sys/types.h>
#include <fcntl.h>
#define _GNU_SOURCE
#include <sched.h>
#include "vserver.h"
#include "planetlab.h"
-/* defined in netns.c */
-extern uint32_t get_space_flag(xid_t);
-
#ifndef VC_NXC_RAW_SOCKET
# define VC_NXC_RAW_SOCKET 0x00000200ull
#endif
if (vc_tag_create(ctx) == VC_NOCTX)
return -1;
+process:
+
/*
* Create context info - this sets the STATE_SETUP and STATE_INIT flags.
*/
if (vc_ctx_create(ctx, 0) == VC_NOCTX)
return -1;
- if (unshare_flags != 0) {
+ if (unshare_flags != 0) {
unshare(unshare_flags);
unshare_flags |= vc_get_space_mask();
- vc_set_namespace(ctx, unshare_flags);
+ //printf("vc_set_namespace(%d, %X)\n", ctx, unshare_flags);
+ //vc_set_namespace(ctx, unshare_flags);
}
/* Set capabilities - these don't take effect until SETUP flag is unset */
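Review bot: The call `unshare(unshare_flags);` has its return value ignored, and with `vc_set_namespace` now commented out nothing visible in this block attaches the new namespace to the context, so a failed unshare would leave the new context in the creating process's namespaces without any error reaching the caller. Check it, e.g. `if (unshare(unshare_flags) != 0) return -1;`. The `unshare_flags |= vc_get_space_mask();` line now computes a value nothing reads, and the two `//` lines should either be deleted or replaced by a comment saying why the call is disabled. The added `process:` label has no `goto` in the visible lines; the function starts and ends outside this hunk.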
#define RETRY_LIMIT 10
int
-pl_chcontext(xid_t ctx, uint64_t bcaps, const struct sliver_resources *slr)
+pl_chcontext(xid_t ctx, uint64_t bcaps, const struct sliver_resources *slr,
+ int unshare_netns)
{
int retry_count = 0;
int net_migrated = 0;
-
+
if (pl_set_ulimits(slr) != 0)
return -1;
if (vc_get_cflags(ctx, &vc_flags))
{
- uint32_t unshare_flags;
+ uint32_t unshare_flags;
if (errno != ESRCH)
return -1;
- /* Unshare the net namespace if the slice if requested in the local slice configuration */
- unshare_flags = get_space_flag(ctx);
+ /* Always unshare the net namespace for a new context */
+ unshare_flags = CLONE_NEWNET;
/* context doesn't exist - create it */
if (create_context(ctx, bcaps, unshare_flags))
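Review bot: New contexts get `unshare_flags = CLONE_NEWNET;` unconditionally, so the `unshare_netns` argument added to `pl_chcontext` is not consulted on the create path, while the migrate path does read it. If that asymmetry is intended, state it where callers will see it, for example a header comment on `pl_chcontext` such as `/* unshare_netns: only affects migration into an existing context; a newly created context always gets its own net namespace */`. Separately, the include hunk defines `_GNU_SOURCE` after `<unistd.h>` has already been included, which may be too late for `<sched.h>` to expose `CLONE_NEWNET` and `unshare()` unless the build passes the macro on the command line. Moving the define above the first `#include` would remove that dependency. The body of `pl_chcontext` continues outside this hunk.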
migrate:
if (net_migrated || !vc_net_migrate(ctx))
{
- uint32_t unshare_flags;
- /* Unshare the net namespace if the slice if requested in the local slice configuration */
- unshare_flags = get_space_flag(ctx);
- if (unshare_flags != 0) {
- unshare_flags |=vc_get_space_mask();
- vc_enter_namespace(ctx, unshare_flags);
- }
+ uint32_t unshare_flags;
+
+ /* Unshare the net namespace if requested in the slice config */
+ unshare_flags = unshare_netns ? CLONE_NEWNET : 0;
+
+ if (unshare_flags != 0) {
+ unshare_flags |=vc_get_space_mask();
+ //printf("vc_enter_namespace(%d, %X)\n", ctx, unshare_flags);
+ //vc_enter_namespace(ctx, unshare_flags);
+ }
if (!vc_tag_migrate(ctx) && !vc_ctx_migrate(ctx, 0))
break; /* done */
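Review bot: With `vc_enter_namespace` commented out, `unshare_flags` is computed, OR-ed with `vc_get_space_mask()` and then discarded, so `unshare_netns` has no effect here and a process migrating into an existing context appears to stay in its caller's network namespace. Either restore the call and check its result before `vc_tag_migrate`, or delete the dead block and the debugging `//printf` so the code does not suggest isolation it does not perform. The enclosing loop begins outside this hunk.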
};
struct pl_resources {
- char *name;
- unsigned type;
+ char *name;
+ unsigned type;
union {
unsigned long long *limit;
unsigned long int *personality;
{
FILE *fb;
int cwd;
+ size_t len = strlen(VSERVERCONF) + strlen(context) + NULLBYTE_SIZE;
+ char *conf = (char *)malloc(len + strlen("rlimits/openfd.hard"));
struct pl_resources *r;
-
struct pl_resources sliver_list[] = {
{"sched/fill-rate2", TYPE_LONG, &slr->vs_cpu},
{"rlimits/as.soft", TYPE_LONG, &slr->vs_as.soft},
{"rlimits/as.min", TYPE_LONG, &slr->vs_as.min},
- {"rlimits/nofile.hard", TYPE_LONG, &slr->vs_nofile.hard},
- {"rlimits/nofile.soft", TYPE_LONG, &slr->vs_nofile.soft},
- {"rlimits/nofile.min", TYPE_LONG, &slr->vs_nofile.min},
-
- {"rlimits/memlock.hard", TYPE_LONG, &slr->vs_memlock.hard},
- {"rlimits/memlock.soft", TYPE_LONG, &slr->vs_memlock.soft},
- {"rlimits/memlock.min", TYPE_LONG, &slr->vs_memlock.min},
+ {"rlimits/openfd.hard", TYPE_LONG, &slr->vs_openfd.hard},
+ {"rlimits/openfd.soft", TYPE_LONG, &slr->vs_openfd.soft},
+ {"rlimits/openfd.min", TYPE_LONG, &slr->vs_openfd.min},
{"personality", TYPE_PERS, &slr->personality},
{0,0}
};
- size_t len = strlen(VSERVERCONF) + strlen(context) + NULLBYTE_SIZE;
- char *conf = (char *)malloc(len);
sprintf(conf, "%s%s", VSERVERCONF, context);
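Review bot: The result of `malloc` is passed straight to `sprintf(conf, ...)` with no NULL check, so an allocation failure becomes a write through a null pointer. Bail out before the write, e.g. `if (conf == NULL) goto out;` (assuming the `out:` label further down is a safe exit at this point), and prefer `snprintf(conf, len, "%s%s", VSERVERCONF, context);` so the write is bounded by the size that was computed. The extra `strlen("rlimits/openfd.hard")` ties the buffer size to one literal. If those bytes are meant to hold an entry name appended later, size them from the longest name in `sliver_list` plus any separator, so that adding a longer key cannot overflow `conf`. The function body and any `free(conf)` are outside this hunk.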
slr->vs_rss.hard = VC_LIM_KEEP;
slr->vs_nproc.soft = VC_LIM_KEEP;
slr->vs_nproc.min = VC_LIM_KEEP;
- slr->vs_nofile.hard = VC_LIM_KEEP;
- slr->vs_nofile.soft = VC_LIM_KEEP;
- slr->vs_nofile.min = VC_LIM_KEEP;
-
- slr->vs_memlock.hard = VC_LIM_KEEP;
- slr->vs_memlock.soft = VC_LIM_KEEP;
- slr->vs_memlock.min = VC_LIM_KEEP;
+ slr->vs_openfd.hard = VC_LIM_KEEP;
+ slr->vs_openfd.soft = VC_LIM_KEEP;
+ slr->vs_openfd.min = VC_LIM_KEEP;
slr->personality = 0;
buf[len-1]='\0';
len --;
}
- if (r->type == TYPE_LONG) {
- int val;
- char *res=0;
- errno=0;
- val = strtol(buf,&res,0);
- if ( !( (val==0 && res) || (errno!=0) ) )
- *r->limit = val;
+ if ( (r->type == TYPE_LONG) && isdigit(*buf)) {
+ *r->limit = atoi(buf);
} else if ( (r->type == TYPE_PERS) && isalpha(*buf)) {
unsigned long int res;
res = vc_str2personalitytype(buf,len);
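Review bot: `atoi(buf)` cannot report overflow or malformed input and returns an `int`, while `r->limit` points at an `unsigned long long`, so a configured limit above INT_MAX is undefined behaviour in `atoi` rather than a rejected value; the removed code at least used `strtol` with `errno`. `isdigit(*buf)` also passes a plain `char`, which should be cast to `unsigned char` first. A version using `strtoull` with an end pointer and `errno` check is below; it keeps the leading-digit guard so a signed value is still skipped, and assumes `<stdlib.h>` and `<errno.h>` are already included in the file. The surrounding loop and the rest of the `TYPE_PERS` branch are outside the hunk.

```c
if (r->type == TYPE_LONG && isdigit((unsigned char)*buf)) {
	char *end = NULL;
	unsigned long long val;

	errno = 0;
	val = strtoull(buf, &end, 10);
	/* store only a fully parsed, in-range value */
	if (errno == 0 && end != buf)
		*r->limit = val;
} else if ( (r->type == TYPE_PERS) && isalpha(*buf)) {
	/* … unchanged: personality parsing … */
```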
fclose(fb);
}
- (void)fchdir(cwd);
+ fchdir(cwd);
out_fd:
close(cwd);
out:
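Review bot: `fchdir(cwd);` now drops the result silently. If restoring the saved directory fails, the process carries on with its working directory still inside the directory this function changed into (that change of directory is outside the hunk). Either handle the failure, e.g. `if (fchdir(cwd) != 0) perror("fchdir");`, or keep the `(void)` cast so the ignore is visibly deliberate and does not trip unused-result warnings.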
set_one_ulimit(RLIMIT_RSS, &slr->vs_rss);
set_one_ulimit(RLIMIT_AS, &slr->vs_as);
set_one_ulimit(RLIMIT_NPROC, &slr->vs_nproc);
- set_one_ulimit(RLIMIT_NOFILE, &slr->vs_nofile);
- set_one_ulimit(RLIMIT_MEMLOCK, &slr->vs_memlock);
+ set_one_ulimit(RLIMIT_NOFILE, &slr->vs_openfd);
return set_personality(slr->personality);
}
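Review bot: `RLIMIT_MEMLOCK` is no longer applied here, and the matching `rlimits/memlock.*` entries and `VC_LIM_KEEP` defaults are removed in the `sliver_list` and initialisation hunks above, so after this change nothing visible bounds a sliver's locked memory from its configuration. If that is intentional, say so next to the remaining calls, e.g. `/* memlock is deliberately not set here: <reason> */`; otherwise keep the `vs_memlock` entries alongside the renamed `vs_openfd` ones. The `rlimits/nofile.*` config keys are likewise replaced by `rlimits/openfd.*`, so existing configuration files using the old names would silently stop being read. The function begins outside this hunk.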