Re: [PATCH] Don't mount /dev for application containers

On 08/04/2011 10:17 AM, Daniel P. Berrange wrote:
From: "Daniel P. Berrange"<berrange@xxxxxxxxxx>

An application container shouldn't get a private /dev. Fix
the regression from 6d37888e6a35a37e6faf7c0a1b1b4d9a5dee1285

* src/lxc/lxc_container.c: Don't mount /dev for app containers
---
  src/lxc/lxc_container.c |   34 ++++++++++++++++++++++------------
  1 files changed, 22 insertions(+), 12 deletions(-)


@@ -419,20 +420,28 @@ static int lxcContainerMountBasicFS(const char *srcprefix)
           * mount point in the main OS becomes readonly too which si not what

pre-existing, but while you're here: s/si/is/

           * we want. Hence some things have two entries here.
           */
-        { false, "devfs", "/dev", "tmpfs", "mode=755", MS_NOSUID },
-        { false, "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV },
-        { false, "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND },
-        { false, "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
-        { true, "/sys", "/sys", NULL, NULL, MS_BIND },
-        { true, "/sys", "/sys", NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
-        { true, "/selinux", "/selinux", NULL, NULL, MS_BIND },
-        { true, "/selinux", "/selinux", NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
+        { true, false, "devfs", "/dev", "tmpfs", "mode=755", MS_NOSUID },
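
Review bot: the replacement row for /dev now opens with two adjacent positional bools ({ true, false, "devfs", ... }), and nothing in the visible lines says which of the two controls what, so a transposed pair in any row would compile cleanly. Since the commit message says the new value decides whether application containers get the /dev mount, and the same table carries the read-only remounts of /proc/sys, /sys and /selinux, a swapped value would presumably change which mounts a container ends up with. Consider designated initializers for the rows, or at least a one-line comment above the table naming each column, so each row can be checked against the intent by reading it.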

Adding the new bool at the front of the struct threw me for a loop on my first read, but it looks correct, so not a problem.

ACK with the typo fix squashed in.

--
Eric Blake   eblake@xxxxxxxxxx    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

