From f36fbef6bed86c039b352ff5dac830b3c38a9a7f Mon Sep 17 00:00:00 2001
From: Lai Jiangshan
Date: Wed, 30 Aug 2017 16:47:57 +0800
Subject: [PATCH] share /dev/shm for all the containers in the pod fix #323
All containers in the pod share the same ipc namespace. However, posix ipc primitives are shm_open() family whose behaviors implemented in glibc are to create&share the shm objects within /dev/shm (or scans /proceed/mounts for any tmpfs if /dev/shm is not tmpfs). So we have to create the only one tmpfs mount and share it to all the containers.
Signed-off-by: Lai Jiangshan
---
 src/container.c | 4 ++--
 src/init.c | 29 +++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/src/container.c b/src/container.c
index 73650c8b..24683b75 100644
--- a/src/container.c
+++ b/src/container.c
@@ -307,8 +307,8 @@ static int container_setup_mount(struct hyper_container *container)
 return -1;
 }
- if (mount("tmpfs", "./dev/shm/", "tmpfs", MS_NOSUID| MS_NODEV, NULL) < 0) {
- perror("mount shm failed");
+ if (mount("/tmp/hyper/shm", "./dev/shm/", "tmpfs", MS_BIND, NULL) < 0) {
+ perror("bind mount shared shm failed");
 return -1;
 }
diff --git a/src/init.c b/src/init.c
index 3c68fdbf..0dc9e6b5 100644
--- a/src/init.c
+++ b/src/init.c
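Review bot: In `container_setup_mount` (src/container.c) the new bind-mount call still passes `"tmpfs"` as the filesystem type, but with `MS_BIND` the kernel ignores the type and data arguments, so the container's `/dev/shm` keeps its nosuid/nodev restrictions only because the source mount created in `hyper_setup_shm()` carries them. I would pass `NULL` for the type and record that dependency next to the call, e.g. `/* nosuid,nodev are inherited from the shared tmpfs mounted in hyper_setup_shm() */`, so nobody relaxes the source mount without seeing that it loosens every container. The path `"/tmp/hyper/shm"` is also repeated as a literal in both files; a shared macro would keep the two ends from drifting apart. The function body starts and ends outside this hunk.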
@@ -403,6 +403,30 @@ int hyper_enter_sandbox(struct hyper_pod *pod, int pid_efd)
 return ret;
 }
+/*
+ * All containers in the pod share the same ipc namespace. However,
+ * posix ipc primitives are shm_open() family whose behaviors
+ * implemented in glibc are to create&share the shm objects within
+ * /dev/shm (or scans /proceed/mounts for any tmpfs if /dev/shm
+ * is not tmpfs).
+ * So we have to create the only one tmpfs mount and share it
+ * to all the containers.
+ */
+static int hyper_setup_shm(struct hyper_pod *pod)
+{
+ if (hyper_mkdir("/tmp/hyper/shm", 0755) < 0) {
+ perror("create shared shm directory failed");
+ return -1;
+ }
+
+ if (mount("tmpfs", "/tmp/hyper/shm", "tmpfs", MS_NOSUID| MS_NODEV, NULL) < 0) {
+ perror("mount shm failed");
+ return -1;
+ }
+
+ return 0;
+}
+
 #ifdef WITH_VBOX
 #define MAX_HOST_NAME 256
@@ -535,6 +559,11 @@ static int hyper_setup_pod(struct hyper_pod *pod)
 return -1;
 }
+ if (hyper_setup_shm(pod) < 0) {
+ fprintf(stderr, "setup shared shm failed\n");
+ return -1;
+ }
+
 if (hyper_setup_pod_init(pod) < 0) {
 fprintf(stderr, "start container failed\n");
 return -1;
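Review bot: The shared tmpfs in `hyper_setup_shm()` is mounted with `NULL` data, so it has no `size=` limit of its own and falls back to the tmpfs default of half of RAM. Because this one instance now backs `/dev/shm` in every container of the pod, a single container that fills it takes the space from all the others and from guest memory. Consider an explicit option string, plus `MS_NOEXEC` if the workloads allow it, e.g. `mount("tmpfs", "/tmp/hyper/shm", "tmpfs", MS_NOSUID | MS_NODEV | MS_NOEXEC, "mode=1777,size=<limit>")`, with the limit taken from pod configuration where one exists. The `pod` parameter is unused in the new function, and the comment's `/proceed/mounts` should read `/proc/mounts`.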
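Review bot: Once `hyper_setup_shm(pod)` has succeeded in `hyper_setup_pod()`, the failure return after `hyper_setup_pod_init(pod)` leaves the tmpfs mounted at `/tmp/hyper/shm`, and nothing visible in this hunk unmounts it. If `hyper_setup_pod()` can run again in the same guest (not visible from here), a second call would stack another tmpfs on the same path, and later containers would presumably bind a different instance than earlier ones. A `umount("/tmp/hyper/shm")` on that error path, or a check in `hyper_setup_shm()` that the path is not already a mount point, would make the intended lifetime explicit. The function continues outside the hunk.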