Add support for guest bind mounts with LXC

Currently you can configure LXC to bind a host directory to
a guest directory, but not to bind a guest directory to a
guest directory. While the guest container init could do
this itself, allowing it in the libvirt XML means a stricter
SELinux policy can be written

diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
index c13916ae2b8c5a13474c9d6be3c05d346ee5579c..94c555f221af988a120c916d881924ae12a419a1 100644 (file)
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -1639,6 +1639,11 @@
           which gives the memory usage limit in kibibytes. Only used
           by LXC driver.
           <span class="since"> (since 0.9.13)</span></dd>
+        <dt><code>type='bind'></code></dt>
+        <dd>
+          A directory inside the guest will be bound to another
+          directory inside the guest. Only used by LXC driver
+          <span class="since"> (since 0.9.13)</span></dd>
         </dl>
 
       The filesystem block has an optional attribute <code>accessmode</code>

diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
index 7f0cfe89cf6b4414312efd5a6bb5593fc5a8e385..912a1a22a899ae4a4a97db785cacdf5c5c29df53 100644 (file)
--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -1277,6 +1277,21 @@
             </optional>
           </interleave>
         </group>
+        <group>
+          <optional>
+            <attribute name="type">
+              <value>bind</value>
+            </attribute>
+          </optional>
+          <interleave>
+            <element name="source">
+              <attribute name="dir">
+                <ref name="absFilePath"/>
+              </attribute>
+              <empty/>
+            </element>
+          </interleave>
+        </group>
         <group>
           <attribute name="type">
             <value>template</value>

diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 774334068c586cb1aa08ae53103098f53b67792b..1dda4ec32ad880b95a02ada385eef357d86dabe4 100644 (file)
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -265,7 +265,8 @@ VIR_ENUM_IMPL(virDomainFS, VIR_DOMAIN_FS_TYPE_LAST,
               "block",
               "file",
               "template",
-              "ram")
+              "ram",
+              "bind")
 
 VIR_ENUM_IMPL(virDomainFSDriverType, VIR_DOMAIN_FS_DRIVER_TYPE_LAST,
               "default",
@@ -4264,7 +4265,8 @@ virDomainFSDefParseXML(xmlNodePtr node,
             if (!source &&
                 xmlStrEqual(cur->name, BAD_CAST "source")) {
 
-                if (def->type == VIR_DOMAIN_FS_TYPE_MOUNT)
+                if (def->type == VIR_DOMAIN_FS_TYPE_MOUNT ||
+                    def->type == VIR_DOMAIN_FS_TYPE_BIND)
                     source = virXMLPropString(cur, "dir");
                 else if (def->type == VIR_DOMAIN_FS_TYPE_FILE)
                     source = virXMLPropString(cur, "file");
@@ -11353,6 +11355,7 @@ virDomainFSDefFormat(virBufferPtr buf,
 
     switch (def->type) {
     case VIR_DOMAIN_FS_TYPE_MOUNT:
+    case VIR_DOMAIN_FS_TYPE_BIND:
         virBufferEscapeString(buf, "      <source dir='%s'/>\n",
                               def->src);
         break;

diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 7ce0694441955e29d2057673a4540f0394dd6d20..7d5d60bd269aa58d45df82fa2d1b6050a2d5c747 100644 (file)
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -657,11 +657,12 @@ struct _virDomainControllerDef {
 
 /* Two types of disk backends */
 enum virDomainFSType {
-    VIR_DOMAIN_FS_TYPE_MOUNT,   /* Better named 'bind' */
-    VIR_DOMAIN_FS_TYPE_BLOCK,
-    VIR_DOMAIN_FS_TYPE_FILE,
-    VIR_DOMAIN_FS_TYPE_TEMPLATE,
-    VIR_DOMAIN_FS_TYPE_RAM,
+    VIR_DOMAIN_FS_TYPE_MOUNT, /* Mounts (binds) a host dir on a guest dir */
+    VIR_DOMAIN_FS_TYPE_BLOCK, /* Mounts a host block dev on a guest dir */
+    VIR_DOMAIN_FS_TYPE_FILE,  /* Loopback mounts a host file on a guest dir */
+    VIR_DOMAIN_FS_TYPE_TEMPLATE, /* Expands a OS template to a guest dir */
+    VIR_DOMAIN_FS_TYPE_RAM,   /* Mount a RAM filesystem on a guest dir */
+    VIR_DOMAIN_FS_TYPE_BIND,  /* Binds a guest dir to another guest dir */
 
     VIR_DOMAIN_FS_TYPE_LAST
 };

diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index b69255e026d4da5b4e2d14b93851b21480c8bcc7..bf67ba11abb1e4d45613e1fc49ff9d82687fa1b6 100644 (file)
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -1025,7 +1025,14 @@ static int lxcContainerMountFS(virDomainFSDefPtr fs,
         if (lxcContainerMountFSTmpfs(fs) < 0)
             return -1;
         break;
+    case VIR_DOMAIN_FS_TYPE_BIND:
+        if (lxcContainerMountFSBind(fs, "") < 0)
+            return -1;
+        break;
     case VIR_DOMAIN_FS_TYPE_FILE:
+        /* We do actually support this, but the lxc controller
+         * should have associated the file with a loopback
+         * device and changed this to TYPE_BLOCK for us */
         lxcError(VIR_ERR_INTERNAL_ERROR,
                  _("Unexpected filesystem type %s"),
                  virDomainFSTypeToString(fs->type));