added support for MEMLOCK rlimit

[util-vserver-pl.git] / src / planetlab.c

diff --git a/src/planetlab.c b/src/planetlab.c
index 2abd733..90ba4dd 100644 (file)
--- a/src/planetlab.c
+++ b/src/planetlab.c
@@ -61,12 +61,11 @@ POSSIBILITY OF SUCH DAMAGE.
 #endif
 
 static int
-create_context(xid_t ctx, uint64_t bcaps)
+create_context(xid_t ctx, uint64_t bcaps, uint32_t unshare_flags)
 {
   struct vc_ctx_caps   vc_caps;
   struct vc_net_flags  vc_nf;
   struct vc_net_caps   vc_ncaps;
-  uint32_t unshare_mask;
 
   /* Create network context */
   if (vc_net_create(ctx) == VC_NOCTX) {
@@ -98,11 +97,10 @@ process:
   if (vc_ctx_create(ctx, 0) == VC_NOCTX)
     return -1;
 
-  /* Unshare the net namespace if the slice if requested in the local slice configuration */
-  unshare_mask = get_space_flag(ctx);
-  if (unshare_mask != 0) {
-      sys_unshare(unshare_mask);
-      vc_set_namespace(ctx, unshare_mask);
+    if (unshare_flags != 0) {
+      unshare(unshare_flags);
+      unshare_flags |= vc_get_space_mask();
+      vc_set_namespace(ctx, unshare_flags);
   }
 
   /* Set capabilities - these don't take effect until SETUP flag is unset */
@@ -154,11 +152,15 @@ pl_chcontext(xid_t ctx, uint64_t bcaps, const struct sliver_resources *slr)
 
       if (vc_get_cflags(ctx, &vc_flags))
        {
+        uint32_t unshare_flags;
          if (errno != ESRCH)
            return -1;
 
+       /* Unshare the net namespace if the slice if requested in the local slice configuration */
+        unshare_flags = get_space_flag(ctx);
+
          /* context doesn't exist - create it */
-         if (create_context(ctx, bcaps))
+         if (create_context(ctx, bcaps, unshare_flags))
            {
              if (errno == EEXIST)
                /* another process beat us in a race */
@@ -190,10 +192,12 @@ pl_chcontext(xid_t ctx, uint64_t bcaps, const struct sliver_resources *slr)
     migrate:
       if (net_migrated || !vc_net_migrate(ctx))
        {
+        uint32_t unshare_flags;
       /* Unshare the net namespace if the slice if requested in the local slice configuration */
-      unshare_mask = get_space_flag(ctx);
-      if (unshare_mask != 0) {
-          vc_enter_namespace(ctx, unshare_mask);
+      unshare_flags = get_space_flag(ctx);
+      if (unshare_flags != 0) {
+          unshare_flags |=vc_get_space_mask();
+          vc_enter_namespace(ctx, unshare_flags);
       }
 
          if (!vc_tag_migrate(ctx) && !vc_ctx_migrate(ctx, 0))
@@ -296,6 +300,10 @@ pl_get_limits(const char *context, struct sliver_resources *slr)
     {"rlimits/openfd.soft", TYPE_LONG, &slr->vs_openfd.soft},
     {"rlimits/openfd.min", TYPE_LONG, &slr->vs_openfd.min},
 
+    {"rlimits/memlock.hard", TYPE_LONG, &slr->vs_memlock.hard},
+    {"rlimits/memlock.soft", TYPE_LONG, &slr->vs_memlock.soft},
+    {"rlimits/memlock.min", TYPE_LONG, &slr->vs_memlock.min},
+
     {"personality", TYPE_PERS, &slr->personality},
 
     {0,0}
@@ -319,6 +327,10 @@ pl_get_limits(const char *context, struct sliver_resources *slr)
   slr->vs_openfd.soft = VC_LIM_KEEP;
   slr->vs_openfd.min = VC_LIM_KEEP;
 
+  slr->vs_memlock.hard = VC_LIM_KEEP;
+  slr->vs_memlock.soft = VC_LIM_KEEP;
+  slr->vs_memlock.min = VC_LIM_KEEP;
+
   slr->personality = 0;
 
   cwd = open(".", O_RDONLY);
@@ -434,5 +446,6 @@ pl_set_ulimits(const struct sliver_resources *slr)
   set_one_ulimit(RLIMIT_AS, &slr->vs_as);
   set_one_ulimit(RLIMIT_NPROC, &slr->vs_nproc);
   set_one_ulimit(RLIMIT_NOFILE, &slr->vs_openfd);
+  set_one_ulimit(RLIMIT_MEMLOCK, &slr->vs_memlock);
   return set_personality(slr->personality);
 }