share /dev/shm for all the containers in the pod

fix #323

All containers in the pod share the same ipc namespace. However,
posix ipc primitives are shm_open() family whose behaviors
implemented in glibc are to create&share the shm objects within
/dev/shm (or scans /proceed/mounts for any tmpfs if /dev/shm
is not tmpfs).
So we have to create the only one tmpfs mount and share it
to all the containers.

Signed-off-by: Lai Jiangshan <jiangshanlai@gmail.com>

Author: laijs

src/container.c

@@ -307,8 +307,8 @@ static int container_setup_mount(struct hyper_container *container)
 		return -1;
 	}
 
-	if (mount("tmpfs", "./dev/shm/", "tmpfs", MS_NOSUID| MS_NODEV, NULL) < 0) {
-		perror("mount shm failed");
+	if (mount("/tmp/hyper/shm", "./dev/shm/", "tmpfs", MS_BIND, NULL) < 0) {
+		perror("bind mount shared shm failed");
 		return -1;
 	}
 

src/init.c

@@ -403,6 +403,30 @@ int hyper_enter_sandbox(struct hyper_pod *pod, int pid_efd)
 	return ret;
 }
 
+/*
+ * All containers in the pod share the same ipc namespace. However,
+ * posix ipc primitives are shm_open() family whose behaviors
+ * implemented in glibc are to create&share the shm objects within
+ * /dev/shm (or scans /proceed/mounts for any tmpfs if /dev/shm
+ * is not tmpfs).
+ * So we have to create the only one tmpfs mount and share it
+ * to all the containers.
+ */
+static int hyper_setup_shm(struct hyper_pod *pod)
+{
+	if (hyper_mkdir("/tmp/hyper/shm", 0755) < 0) {
+		perror("create shared shm directory failed");
+		return -1;
+	}
+
+	if (mount("tmpfs", "/tmp/hyper/shm", "tmpfs", MS_NOSUID| MS_NODEV, NULL) < 0) {
+		perror("mount shm failed");
+		return -1;
+	}
+
+	return 0;
+}
+
 #ifdef WITH_VBOX
 
 #define MAX_HOST_NAME  256
@@ -535,6 +559,11 @@ static int hyper_setup_pod(struct hyper_pod *pod)
 		return -1;
 	}
 
+	if (hyper_setup_shm(pod) < 0) {
+		fprintf(stderr, "setup shared shm failed\n");
+		return -1;
+	}
+
 	if (hyper_setup_pod_init(pod) < 0) {
 		fprintf(stderr, "start container failed\n");
 		return -1;