-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We do not want to share /run with containers in order to prevent information leakage and applications within the containers attempting to communicate with applications outside of the container. It uses the same mount options used for /dev. We also want to bind mount over the /var/run directory, since /var/run is either a symbolic link to /run or, on some installations, has /run bind mounted over it. If we just mount /run we are not guaranteed that /var/run will have the same content. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk+j7skACgkQrlYvE4MpobNSKQCfY2yGP/S+piUJ9VNtSjrliFTp ucAAoLJOazpcZvBRFnQUa7uqhh+tRagb =TjAb -----END PGP SIGNATURE-----
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 88f8a21..4cbe4b9 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -539,6 +519,28 @@ static int lxcContainerMountBasicFS(const char *srcprefix, bool pivotRoot)
                                  "devfs", "/dev", "tmpfs");
             goto cleanup;
         }
+
+        /* Mount /run with a tmpfs iff it exists. Bind mount /run over /var/run to make sure they point to the same directory */
+        if ((access("/run", F_OK) == 0)) {
+            VIR_DEBUG("Mount tmpfs on /run type=tmpfs flags=%x, opts=%s",
+                      MS_NOSUID, opts);
+            if (mount("tmpfs", "/run", "tmpfs", MS_NOSUID | MS_NODEV , opts) < 0) {
+                virReportSystemError(errno,
+                                     _("Failed to mount %s on %s type %s"),
+                                     "tmpfs", "/run", "tmpfs");
+                goto cleanup;
+            }
+
+            VIR_DEBUG("Mount /run on /var/run type=bind");
+            if (mount("/run", "/var/run", "run", MS_BIND , NULL) < 0) {
+                virReportSystemError(errno,
+                                     _("Failed to mount %s on %s"),
+                                     "/run", "/var/run");
+                goto cleanup;
+            }
+        }
     }
     rc = 0;
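Review bot: The VIR_DEBUG before the tmpfs mount reports `MS_NOSUID` as the flags while the mount() call right after it passes `MS_NOSUID | MS_NODEV`, so the trace under-reports what is actually mounted on /run; change the debug argument to `MS_NOSUID | MS_NODEV, opts);` so the log matches the syscall. In the bind mount, the filesystem-type argument `"run"` is not a filesystem type and is ignored by the kernel for MS_BIND, so passing `NULL` there, as is conventional for bind mounts, avoids suggesting to a reader that a "run" filesystem exists. Only /run is tested with access(); if the container rootfs has /run but no /var/run, or /var/run is a dangling symlink, the bind mount fails and the whole function aborts with a generic "Failed to mount" error, so either check /var/run the same way or add a comment stating that a missing /var/run is meant to be fatal. The file header names src/libvirt_private.syms while the hunk is C from lxcContainerMountBasicFS, so the patch as posted appears mangled; the function's body continues outside the hunk.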