added $skiplock parameter for pct start/stop

Like with qemu the root user can use -skiplock with 'pct
start' and 'pct stop'.

This does not alter the container's lxc config, instead we
pass PVE_SKIPLOCK=1 via the environment which will be seen
from the prestart hook but not from inside the container.

diff --git a/src/PVE/API2/LXC/Status.pm b/src/PVE/API2/LXC/Status.pm
index 1c80355c29cf3aff472df0058678f3bf3db5c26c..cd7f04d7d8919c6d2e6eddb60ebc3ed8d2b1dcdf 100644 (file)
--- a/src/PVE/API2/LXC/Status.pm
+++ b/src/PVE/API2/LXC/Status.pm
@@ -112,6 +112,7 @@ __PACKAGE__->register_method({
        properties => {
            node => get_standard_option('pve-node'),
            vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_stopped }),
+           skiplock => get_standard_option('skiplock'),
        },
     },
     returns => {
@@ -128,6 +129,10 @@ __PACKAGE__->register_method({
 
        my $vmid = extract_param($param, 'vmid');
 
+       my $skiplock = extract_param($param, 'skiplock');
+       raise_param_exc({ skiplock => "Only root may use this option." })
+           if $skiplock && $authuser ne 'root@pam';
+
        die "CT $vmid already running\n" if PVE::LXC::check_running($vmid);
 
        PVE::Cluster::check_cfs_quorum();
@@ -163,12 +168,14 @@ __PACKAGE__->register_method({
                    die "you can't start a CT if it's a template\n"
                        if PVE::LXC::is_template($conf);
 
-                   PVE::LXC::check_lock($conf);
+                   PVE::LXC::check_lock($conf) if !$skiplock;
 
                    my $storage_cfg = cfs_read_file("storage.cfg");
 
                    PVE::LXC::update_lxc_config($storage_cfg, $vmid, $conf);
 
+                   local $ENV{PVE_SKIPLOCK}=1 if $skiplock;
+
                    my $cmd = ['lxc-start', '-n', $vmid];
 
                    run_command($cmd);
@@ -198,6 +205,7 @@ __PACKAGE__->register_method({
        properties => {
            node => get_standard_option('pve-node'),
            vmid => get_standard_option('pve-vmid', { completion => \&PVE::LXC::complete_ctid_running }),
+           skiplock => get_standard_option('skiplock'),
        },
     },
     returns => {
@@ -214,6 +222,10 @@ __PACKAGE__->register_method({
 
        my $vmid = extract_param($param, 'vmid');
 
+       my $skiplock = extract_param($param, 'skiplock');
+       raise_param_exc({ skiplock => "Only root may use this option." })
+           if $skiplock && $authuser ne 'root@pam';
+
        die "CT $vmid not running\n" if !PVE::LXC::check_running($vmid);
 
        if (PVE::HA::Config::vm_is_ha_managed($vmid) && $rpcenv->{type} ne 'ha') {
@@ -244,7 +256,7 @@ __PACKAGE__->register_method({
 
                    my $conf = PVE::LXC::load_config($vmid);
 
-                   PVE::LXC::check_lock($conf);
+                   PVE::LXC::check_lock($conf) if !$skiplock;
 
                    my $cmd = ['lxc-stop', '-n', $vmid, '--kill'];
 

diff --git a/src/lxc-pve-prestart-hook b/src/lxc-pve-prestart-hook
index 1ba957f63eb8805a9b1e119821433011a8bd64d6..d52cbbc1723fe43653a4b6d5dc8ecedcf15d942f 100755 (executable)
--- a/src/lxc-pve-prestart-hook
+++ b/src/lxc-pve-prestart-hook
@@ -63,7 +63,7 @@ __PACKAGE__->register_method ({
        return undef if ! -f PVE::LXC::config_file($vmid);
 
        my $conf = PVE::LXC::load_config($vmid);
-       PVE::LXC::check_lock($conf);
+       PVE::LXC::check_lock($conf) if !$ENV{PVE_SKIPLOCK};
 
        my $storage_cfg = PVE::Storage::config();