The unix socket file /run/systemd/private is used to
send reboot/shutdown messages. and since this type of
unix sockets are not per net namespace , they are
global resources. systemctl in container can use
this unix socket to send shutdown message to the
systemd-shutdownd running on host. finally the
host will be poweroff.
this problem occurs when container shares the same
root directory with host.
this patch umount host's /run directory and mount
the /run directory of container as tmpfs.
Signed-off-by: Gao feng <gaofeng@xxxxxxxxxxxxxx>
---
src/lxc/lxc_container.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index 8abaea0..aae8e6a 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -772,6 +772,10 @@ static int lxcContainerMountBasicFS(void)
{ "sysfs", "/sys", "sysfs", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
{ "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV },
{ "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
+ /* We should mount /run directory as tmpfs, since it contains some
+ * global files such as /run/systemd/private which can be used to
+ * send reboot/shutdown message from container to host. */
+ { "tmpfs", "/run", "tmpfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV },
#if WITH_SELINUX
{ SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV },
{ SELINUX_MOUNT, SELINUX_MOUNT, NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
@@ -1526,6 +1530,7 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef,
if (STREQ(root->src, "/") &&
(lxcContainerUnmountSubtree("/sys", false) < 0 ||
lxcContainerUnmountSubtree("/dev", false) < 0 ||
+ lxcContainerUnmountSubtree("/run", false) < 0 ||
lxcContainerUnmountSubtree("/proc", false) < 0))
goto cleanup;
--
1.8.3.1
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list