lxc-ls: Fix support of --nesting for unpriv
This reworks the way lxc-ls works in nesting mode. In the past it'd use
attach_wait's subprocess function to call itself in the container's
namespace, carefully only attaching to the namespaces it needed.
This works great for system containers but not so much as soon as you
also need to attach to userns. Instead this fix moves all of the
container listing code into a get_containers function (hence the massive
diff, sorry), this function is then called recursively.
For running containers, the function is called through attach_wait
inside the container's namespace, for stopped container, the function is
simply called recursively with a base path (container's rootfs) in an
attempt to find containers that way.
Communication between the parent lxc-ls and the child lxc-ls is done
through a temporary fd and serialized state using json (similar to what
was done using stdout in the previous implementation).
As get_global_config_item unfortunately caches the values, there's no
easy way to figure out what the lxcpath should be for a root container
when running as non-root, so just use @LXCPATH@ for now and have
python do the parsing itself.
As a result, the following things now work as expected:
- listing nested unprivileged containers (root containers inside unpriv)
- listing nested containers when they're not running
- filtering containers in nesting mode (only the first level is filtered)
- copy with invalid config (used to traceback)
Signed-off-by: 
Stéphane Graber <stgraber@ubuntu.com>
Acked-by: 
Serge E. Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Showing
This diff is collapsed.
Click to expand it.
Please
register
or
sign in
to comment