author | Lennart Poettering <lennart@poettering.net> | 2015-01-14 23:09:02 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2015-01-14 23:18:33 +0100 |
commit | 30535c16924a3da7b47ea87190d929d617d95c5a (patch) | |
tree | a2cd4f490a5a7d71350b31607a690aff42d1077d /src/shared/util.h | |
parent | 805e5dda0a01c99d231824e1a9c4a208418bf342 (diff) |
nspawn: add file system locks for controlling access to container images

This adds three kinds of file system locks for container images:

a) a file system lock next to the actual image, in a .lck file in the
same directory the image is located. This lock has the benefit of
usually being located on the same NFS share as the image itself, and
thus allows locking container images across NFS shares.

b) a file system lock in /run, named after st_dev and st_ino of the
root of the image. This lock has the advantage that it is unique even
if the same image is bind mounted to two different places at the same
time, as the ino/dev stays constant for them.

c) a file system lock that is only taken when a new disk image is about
to be created, that ensures that checking whether the name is already
used across the search path, and actually placing the image is not
interrupted by other code taking the name.

a + b are read-write locks. When a container is booted in read-only mode
a read lock is taken, otherwise a write lock.

Lock b is always taken after a, to avoid ABBA problems.

Lock c is mostly relevant when renaming or cloning images.
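
The ordering of locks a and b described in the commit message, as an added sketch that is not systemd's code. The function names `take_lock`, `image_lock` and `image_unlock`, the lock file names, the `lock_dir` parameter standing in for the /run location, and the use of flock(2) as the locking primitive are all assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/file.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open (creating if needed) a lock file and try to flock() it without blocking.
 * Returns the locked fd, or -errno (-EWOULDBLOCK if a conflicting lock is held). */
static int take_lock(const char *path, int operation) {
        int fd = open(path, O_CREAT|O_RDWR|O_CLOEXEC|O_NOFOLLOW, 0600);
        if (fd < 0)
                return -errno;
        if (flock(fd, operation | LOCK_NB) < 0) {
                int r = -errno;
                close(fd);
                return r;
        }
        return fd;
}

/* Lock (a) "<image>.lck" beside the image, then (b) a file in lock_dir named
 * after st_dev/st_ino. Always a before b, so no two lockers can each hold one
 * lock while waiting for the other (ABBA). File name formats are made up. */
int image_lock(const char *image, const char *lock_dir, int read_only, int fds[2]) {
        int operation = read_only ? LOCK_SH : LOCK_EX;  /* read lock vs write lock */
        char a[4096], b[4096];
        struct stat st;
        if (stat(image, &st) < 0)
                return -errno;
        snprintf(a, sizeof a, "%s.lck", image);
        snprintf(b, sizeof b, "%s/dev-%llu-ino-%llu.lck", lock_dir,
                 (unsigned long long) st.st_dev, (unsigned long long) st.st_ino);
        fds[0] = take_lock(a, operation);
        if (fds[0] < 0)
                return fds[0];
        fds[1] = take_lock(b, operation);
        if (fds[1] < 0) {
                int r = fds[1];
                close(fds[0]);  /* closing the fd drops the flock() on (a) */
                return r;
        }
        return 0;
}

void image_unlock(int fds[2]) {
        close(fds[1]);  /* release in reverse order: b, then a */
        close(fds[0]);
}
```

Reaching the same inode through a second path produces a different lock a but the same lock b, which is the case the dev/ino naming is meant to catch.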
Diffstat (limited to 'src/shared/util.h')
-rw-r--r-- | src/shared/util.h | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/src/shared/util.h b/src/shared/util.h index 5d9637efc0..fdb9fb6ef5 100644 --- a/src/shared/util.h +++ b/src/shared/util.h @@ -550,7 +550,6 @@ bool hostname_is_valid(const char *s) _pure_; char* hostname_cleanup(char *s, bool lowercase); bool machine_name_is_valid(const char *s) _pure_; -bool image_name_is_valid(const char *s) _pure_; char* strshorten(char *s, size_t l); @@ -1080,4 +1079,18 @@ int chattr_path(const char *p, bool b, unsigned mask); int read_attr_fd(int fd, unsigned *ret); int read_attr_path(const char *p, unsigned *ret); +typedef struct LockFile { + char *path; + int fd; + int operation; +} LockFile; + +int make_lock_file(const char *p, int operation, LockFile *ret); +int make_lock_file_for(const char *p, int operation, LockFile *ret); +void release_lock_file(LockFile *f); + +#define _cleanup_release_lock_file_ _cleanup_(release_lock_file) + +#define LOCK_FILE_INIT { .fd = -1, .path = NULL } + #define RLIMIT_MAKE_CONST(lim) ((struct rlimit) { lim, lim }) |
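
Review bot: the removal of `bool image_name_is_valid(const char *s) _pure_;` in the first hunk (@@ -550) is not mentioned in the commit message, and since this view is limited to src/shared/util.h it cannot be confirmed here that the declaration was moved rather than dropped. Please note in the message where it now lives, and check that every file that previously got it through util.h includes the new header.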
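
Review bot: the new LockFile API in the second hunk (@@ -1080) is undocumented, and `make_lock_file()` and `make_lock_file_for()` have identical signatures, so a caller cannot tell from the header which one takes the lock file path itself and which derives it from another path. A one-line comment on each, plus a note on which values `operation` accepts, would prevent misuse. It is also worth stating next to `#define LOCK_FILE_INIT { .fd = -1, .path = NULL }` that any variable declared with `_cleanup_release_lock_file_` must be initialized with it, and that `release_lock_file()` has to tolerate that initial state, since the cleanup handler runs on every early return.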