Support writing into SysV IPC related parameters

Libvirt-lxc mounts /proc/sys with read-only attribute as default.
Therefore, we cannot change IPC related parameters under
/proc/sys/kernel such as shmmax inside containers.

However, containers' IPC related parameters are separated from
host by IPC namespace. As a result, changing IPC related parameters
inside a container has no effect on host but has effect on only the
container.

This patch changes domain XML for containers to additionally mount
IPC related parameters under /proc/sys/kernel as writable so that
we can change IPC related parameters inside containers.

Signed-off-by: Ken ICHIKAWA <ichikawa.ken@jp.fujitsu.com>

diff --git a/lxcf/lib/lxcf-setup b/lxcf/lib/lxcf-setup
index 2d49ef2..889a169 100755 (executable)
--- a/lxcf/lib/lxcf-setup
+++ b/lxcf/lib/lxcf-setup
@@ -641,6 +641,34 @@ domain = """\
       <target dir='/usr'/>
       <readonly/>
     </filesystem>
+    <filesystem type='mount' accessmode='passthrough'>
+      <source dir='/proc/sys/kernel/msgmax'/>
+      <target dir='/proc/sys/kernel/msgmax'/>
+    </filesystem>
+    <filesystem type='mount' accessmode='passthrough'>
+      <source dir='/proc/sys/kernel/msgmnb'/>
+      <target dir='/proc/sys/kernel/msgmnb'/>
+    </filesystem>
+    <filesystem type='mount' accessmode='passthrough'>
+      <source dir='/proc/sys/kernel/msgmni'/>
+      <target dir='/proc/sys/kernel/msgmni'/>
+    </filesystem>
+    <filesystem type='mount' accessmode='passthrough'>
+      <source dir='/proc/sys/kernel/sem'/>
+      <target dir='/proc/sys/kernel/sem'/>
+    </filesystem>
+    <filesystem type='mount' accessmode='passthrough'>
+      <source dir='/proc/sys/kernel/shmall'/>
+      <target dir='/proc/sys/kernel/shmall'/>
+    </filesystem>
+    <filesystem type='mount' accessmode='passthrough'>
+      <source dir='/proc/sys/kernel/shmmax'/>
+      <target dir='/proc/sys/kernel/shmmax'/>
+    </filesystem>
+    <filesystem type='mount' accessmode='passthrough'>
+      <source dir='/proc/sys/kernel/shmmni'/>
+      <target dir='/proc/sys/kernel/shmmni'/>
+    </filesystem>
     <interface type='network'>
       <source network='lxcfnet1'/>
     </interface>
@@ -672,6 +700,34 @@ domain_separate = """\
       <source dir='%(ROOTDIR)s'/>
       <target dir='/'/>
     </filesystem>
+    <filesystem type='mount' accessmode='passthrough'>
+      <source dir='/proc/sys/kernel/msgmax'/>
+      <target dir='/proc/sys/kernel/msgmax'/>
+    </filesystem>
+    <filesystem type='mount' accessmode='passthrough'>
+      <source dir='/proc/sys/kernel/msgmnb'/>
+      <target dir='/proc/sys/kernel/msgmnb'/>
+    </filesystem>
+    <filesystem type='mount' accessmode='passthrough'>
+      <source dir='/proc/sys/kernel/msgmni'/>
+      <target dir='/proc/sys/kernel/msgmni'/>
+    </filesystem>
+    <filesystem type='mount' accessmode='passthrough'>
+      <source dir='/proc/sys/kernel/sem'/>
+      <target dir='/proc/sys/kernel/sem'/>
+    </filesystem>
+    <filesystem type='mount' accessmode='passthrough'>
+      <source dir='/proc/sys/kernel/shmall'/>
+      <target dir='/proc/sys/kernel/shmall'/>
+    </filesystem>
+    <filesystem type='mount' accessmode='passthrough'>
+      <source dir='/proc/sys/kernel/shmmax'/>
+      <target dir='/proc/sys/kernel/shmmax'/>
+    </filesystem>
+    <filesystem type='mount' accessmode='passthrough'>
+      <source dir='/proc/sys/kernel/shmmni'/>
+      <target dir='/proc/sys/kernel/shmmni'/>
+    </filesystem>
     <interface type='network'>
       <source network='lxcfnet1'/>
     </interface>