[lxc-devel] share_via_fs patch for 2.6.33 ?
Hello mailing list,
Daniel Lezcano wrote a patch to make it possible to connect to a unix
domain socket, which belongs to another network namespace.
The patch from Daniel Lezcano is as follows:
snip-8<---
Subject: share af_unix socket through fs
From: Daniel Lezcano
This patch allows to connect to a socket belonging to another
network namespace but visible via the file system.
The 'host' network namespace has to allow another network
namespace to use its sockets via sysctl:
echo 1 > /proc/sys/net/unix/share_via_fs
Signed-off-by: Daniel Lezcano
---
include/linux/sysctl.h |1 +
include/net/netns/unix.h |1 +
kernel/sysctl_check.c |1 +
net/unix/af_unix.c |4 +++-
net/unix/sysctl_net_unix.c |9 +
5 files changed, 15 insertions(+), 1 deletion(-)
Index: linux-2.6/include/net/netns/unix.h
===
--- linux-2.6.orig/include/net/netns/unix.h
+++ linux-2.6/include/net/netns/unix.h
@@ -7,6 +7,7 @@
struct ctl_table_header;
struct netns_unix {
int sysctl_max_dgram_qlen;
+ boolsysctl_share_via_fs;
struct ctl_table_header *ctl;
};
Index: linux-2.6/net/unix/af_unix.c
===
--- linux-2.6.orig/net/unix/af_unix.c
+++ linux-2.6/net/unix/af_unix.c
@@ -292,7 +292,8 @@ static struct sock *unix_find_socket_byi
&unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
struct dentry *dentry = unix_sk(s)->dentry;
- if (!net_eq(sock_net(s), net))
+ if (!sock_net(s)->unx.sysctl_share_via_fs &&
+ !net_eq(sock_net(s), net))
continue;
if (dentry && dentry->d_inode == i) {
@@ -2228,6 +2229,7 @@ static int unix_net_init(struct net *net
int error = -ENOMEM;
net->unx.sysctl_max_dgram_qlen = 10;
+ net->unx.sysctl_share_via_fs = false;
if (unix_sysctl_register(net))
goto out;
Index: linux-2.6/net/unix/sysctl_net_unix.c
===
--- linux-2.6.orig/net/unix/sysctl_net_unix.c
+++ linux-2.6/net/unix/sysctl_net_unix.c
@@ -23,6 +23,14 @@ static ctl_table unix_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec
},
+ {
+ .ctl_name = NET_UNIX_SHARE_VIA_FS,
+ .procname = "share_via_fs",
+ .data = &init_net.unx.sysctl_share_via_fs,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec
+ },
{ .ctl_name = 0 }
};
@@ -41,6 +49,7 @@ int unix_sysctl_register(struct net *net
goto err_alloc;
table[0].data = &net->unx.sysctl_max_dgram_qlen;
+ table[1].data = &net->unx.sysctl_share_via_fs;
net->unx.ctl = register_net_sysctl_table(net, unix_path, table);
if (net->unx.ctl == NULL)
goto err_reg;
Index: linux-2.6/include/linux/sysctl.h
===
--- linux-2.6.orig/include/linux/sysctl.h
+++ linux-2.6/include/linux/sysctl.h
@@ -297,6 +297,7 @@ enum
NET_UNIX_DESTROY_DELAY=1,
NET_UNIX_DELETE_DELAY=2,
NET_UNIX_MAX_DGRAM_QLEN=3,
+ NET_UNIX_SHARE_VIA_FS=4,
};
/* /proc/sys/net/netfilter */
Index: linux-2.6/kernel/sysctl_check.c
===
--- linux-2.6.orig/kernel/sysctl_check.c
+++ linux-2.6/kernel/sysctl_check.c
@@ -169,6 +169,7 @@ static const struct trans_ctl_table tran
/* NET_UNIX_DESTROY_DELAY unused */
/* NET_UNIX_DELETE_DELAY unused */
{ NET_UNIX_MAX_DGRAM_QLEN, "max_dgram_qlen" },
+ { NET_UNIX_SHARE_VIA_FS,"share_via_fs" },
{}
};
snap->8---
With the kernel version 2.6.33 this patch doesn't work anymore as you
can see here:
snip-8<---
u...@host:/usr/src/linux-2.6.33# patch -p1 <
../share-af-unix-socket-sysctl.patch
patching file include/net/netns/unix.h
patching file net/unix/af_unix.c
Hunk #2 succeeded at 2230 (offset 1 line).
patching file net/unix/sysctl_net_unix.c
Hunk #1 FAILED at 23.
Hunk #2 succeeded at 48 (offset -1 lines).
1 out of 2 hunks FAILED -- saving rejects to file
net/unix/sysctl_net_unix.c.rej
patching file include/linux/sysctl.h
Hunk #1 succeeded at 288 (offset -9 lines).
patching file kernel/sysctl_check.c
Hunk #1 FAILED at 169.
1 out of 1 hunk FAILED -- saving rejects to file kernel/sysctl_check.c.rej
snap->8---
Does anybody know if an updated version of this patc
Re: [lxc-devel] share_via_fs patch for 2.6.33 ?
Julian Thomé wrote:
Hello mailing list,
Daniel Lezcano wrote a patch to make it possible to connect to a unix
domain socket, which belongs to another network namespace.
The patch from Daniel Lezcano is as follows:
I refreshed it against 2.6.33 and put in attachment. Compiled but not
tested ;)
Hope that helps.
-- Daniel
Subject: share af_unix socket through fs
From: Daniel Lezcano
This patch allows to connect to a socket belonging to another
network namespace but visible via the file system.
The 'host' network namespace has to allow another network
namespace to use its sockets via sysctl:
echo 1 > /proc/sys/net/unix/share_via_fs
Signed-off-by: Daniel Lezcano
---
include/linux/sysctl.h |1 +
include/net/netns/unix.h |1 +
net/unix/af_unix.c |4 +++-
net/unix/sysctl_net_unix.c |8
4 files changed, 13 insertions(+), 1 deletion(-)
Index: linux-2.6/include/net/netns/unix.h
===
--- linux-2.6.orig/include/net/netns/unix.h
+++ linux-2.6/include/net/netns/unix.h
@@ -7,6 +7,7 @@
struct ctl_table_header;
struct netns_unix {
int sysctl_max_dgram_qlen;
+ boolsysctl_share_via_fs;
struct ctl_table_header *ctl;
};
Index: linux-2.6/net/unix/af_unix.c
===
--- linux-2.6.orig/net/unix/af_unix.c
+++ linux-2.6/net/unix/af_unix.c
@@ -292,7 +292,8 @@ struct sock *unix_find_socket_byinode(st
&unix_socket_table[i->i_ino & (UNIX_HASH_SIZE - 1)]) {
struct dentry *dentry = unix_sk(s)->dentry;
- if (!net_eq(sock_net(s), net))
+ if (!sock_net(s)->unx.sysctl_share_via_fs &&
+ !net_eq(sock_net(s), net))
continue;
if (dentry && dentry->d_inode == i) {
@@ -2229,6 +2230,7 @@ static int unix_net_init(struct net *net
int error = -ENOMEM;
net->unx.sysctl_max_dgram_qlen = 10;
+ net->unx.sysctl_share_via_fs = false;
if (unix_sysctl_register(net))
goto out;
Index: linux-2.6/net/unix/sysctl_net_unix.c
===
--- linux-2.6.orig/net/unix/sysctl_net_unix.c
+++ linux-2.6/net/unix/sysctl_net_unix.c
@@ -22,6 +22,13 @@ static ctl_table unix_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec
},
+ {
+ .procname = "share_via_fs",
+ .data = &init_net.unx.sysctl_share_via_fs,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec
+ },
{ }
};
@@ -40,6 +47,7 @@ int unix_sysctl_register(struct net *net
goto err_alloc;
table[0].data = &net->unx.sysctl_max_dgram_qlen;
+ table[1].data = &net->unx.sysctl_share_via_fs;
net->unx.ctl = register_net_sysctl_table(net, unix_path, table);
if (net->unx.ctl == NULL)
goto err_reg;
Index: linux-2.6/include/linux/sysctl.h
===
--- linux-2.6.orig/include/linux/sysctl.h
+++ linux-2.6/include/linux/sysctl.h
@@ -289,6 +289,7 @@ enum
NET_UNIX_DESTROY_DELAY=1,
NET_UNIX_DELETE_DELAY=2,
NET_UNIX_MAX_DGRAM_QLEN=3,
+ NET_UNIX_SHARE_VIA_FS=4,
};
/* /proc/sys/net/netfilter */
--
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] OOPS on lxc-stop
On Mon, Apr 12, 2010 at 11:34:16AM +0200, Daniel Lezcano wrote: > At the first glance I would say it is related to the FAIR_SCHEDULER. Here is the full stack trace: http://img-fotki.yandex.ru/get/4210/wrar.4a/0_3a641_f9a80e04_XL > Does sysrq + t show something ? Or the host is definitively stuck ? No, even sysrq+b doesn't work. -- WBR, wRAR (ALT Linux Team) signature.asc Description: Digital signature -- Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] LXC crash
Elias Olivares wrote:
> Hello,
>
> Here a new lxc critical crash :
>
> I've created an LXC container and when I download something on the web (using
> wget) the host crash and an error message appears on the screen.
> Unfortunately all is installed on a dedicated server and I only can do a
> screenshot of the call stack. (provided on email attachement).
>
> More information about this crash :
>
> I use a debian Squeeze 64bits with the 2.6.32 kernel and LXC v 0.6.5
>
> My lxc config file :
>
> lxc.utsname =
> lxc.tty = 9
> lxc.pts = 1024
> lxc.network.type = veth
> lxc.network.flags = up
> lxc.network.link = br0
> lxc.network.name = eth0
> lxc.network.mtu = 1500
> lxc.network.hwaddr = C6:E9:94:1B:07:71
> #lxc.mount = $MNTFILE
> lxc.rootfs =
> lxc.cgroup.devices.deny = a
> # /dev/null and zero
> lxc.cgroup.devices.allow = c 1:3 rwm
> lxc.cgroup.devices.allow = c 1:5 rwm
> # consoles
> lxc.cgroup.devices.allow = c 5:1 rwm
> lxc.cgroup.devices.allow = c 5:0 rwm
> lxc.cgroup.devices.allow = c 4:0 rwm
> lxc.cgroup.devices.allow = c 4:1 rwm
> # /dev/{,u}random
> lxc.cgroup.devices.allow = c 1:9 rwm
> lxc.cgroup.devices.allow = c 1:8 rwm
> lxc.cgroup.devices.allow = c 136:* rwm
> lxc.cgroup.devices.allow = c 5:2 rwm
> # rtc
> lxc.cgroup.devices.allow = c 254:0 rwm
>
Hi Elias,
what is the network configuration of the host ? I see you are using a
bridge. Is there any ebtables rules ?
Thanks
-- Daniel
--
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
