Add support for use of ext4 in containers

By default, LXD won't allow an unprivileged container
to format and mount a block device, so although a block
device can be passed to a container, it's not possible
to use it from inside the container.

Add a configuration flag to turn on support for use of
ext4 within user namespaces, allowing unprivileged LXD
containers to format and mount ext4 formatted block
devices from inside of the container.

Change-Id: I8eace1e7b7d4db14a3dc9f82080ac1b0ca29e892
Chuck Short 2016-07-14 15:01:23 -04:00 committed by James Page
parent 7737169846
commit 017246768e
2 changed files with 14 additions and 1 deletions

@ -40,4 +40,8 @@ options:
type: boolean
default: False
description: Use LXD source from github.
enable-ext4-userns:
type: boolean
default: false
description: |
Enable use of EXT4 in LXD containers for block storage support.
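
Review bot: The description for enable-ext4-userns does not say what turning it on changes on the host. From the rest of the patch the option writes Y or N to /sys/module/ext4/parameters/userns_mounts, which is a kernel module parameter, so it applies to the whole host rather than to a single container, and it lets unprivileged containers format and mount the block devices they are given. Suggest spelling that out in the description and noting that the option only has an effect when the running kernel exposes that parameter. Minor: `default: false` is lower case while the option above uses `default: False`.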

@ -97,6 +97,7 @@ LXD_GIT = 'github.com/lxc/lxd'
DEFAULT_LOOPBACK_SIZE = '10G'
PW_LENGTH = 16
ZFS_POOL_NAME = 'lxd'
EXT4_USERNS_MOUNTS = "/sys/module/ext4/parameters/userns_mounts"
def install_lxd():
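
Review bot: EXT4_USERNS_MOUNTS is the only constant in this group written with double quotes; the neighbouring ones use single quotes, so match them. A one-line comment saying that writing Y to this sysfs file permits ext4 mounts from user namespaces would also help, since the name alone does not say what the file controls or which values it takes.
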
@ -416,12 +417,20 @@ def configure_lxd_host():
'core.https_address', '[::]']
check_call(cmd)
# configure live migration
if ubuntu_release == 'xenial':
apt_install('linux-image-extra-%s' % os.uname()[2],
fatal=True)
if ubuntu_release >= 'xenial':
modprobe('netlink_diag')
if os.path.exists(EXT4_USERNS_MOUNTS):
with open(EXT4_USERNS_MOUNTS, 'w') as userns_mounts:
userns_mounts.write(
'Y\n' if config('enable-ext4-userns') else 'N\n'
)
elif ubuntu_release == "vivid":
log('Vivid deployment - loading overlay kernel module', level=INFO)
cmd = ['modprobe', 'overlay']
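
Review bot: The `if os.path.exists(EXT4_USERNS_MOUNTS):` check has no else branch, so when enable-ext4-userns is true but the path is absent the option is silently ignored and the operator gets no signal that containers still cannot mount ext4. Suggest logging a warning in that case; the `log(..., level=INFO)` helper is already used a few lines below. Also, the value is written to sysfs only when configure_lxd_host() runs, and sysfs module parameters do not survive a reboot, so confirm this function runs again after a reboot or persist the setting another way.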