[PATCH v2 2/2] LXC: introduce lxcContainerUnmountForSharedRoot

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Move the unmounting private or useless filesystems for
container to this function.

Signed-off-by: Gao feng <gaofeng@xxxxxxxxxxxxxx>
---
 src/lxc/lxc_container.c | 98 +++++++++++++++++++++++++++----------------------
 1 file changed, 55 insertions(+), 43 deletions(-)

diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index 0ab4ab7..661ac52 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -1472,6 +1472,60 @@ cleanup:
 }
 
 
+static int lxcContainerUnmountForSharedRoot(const char *stateDir,
+                                            const char *domain)
+{
+    int ret = -1;
+    char *tmp = NULL;
+
+#if WITH_SELINUX
+    /* Some versions of Linux kernel don't let you overmount
+     * the selinux filesystem, so make sure we kill it first
+     */
+    /* Filed coverity bug for false positive 'USE_AFTER_FREE' due to swap
+     * of root->src with root->dst and the VIR_FREE(root->src) prior to the
+     * reset of root->src in lxcContainerPrepareRoot()
+     */
+    /* coverity[deref_arg] */
+    if (lxcContainerUnmountSubtree(SELINUX_MOUNT, false) < 0)
+        goto cleanup;
+#endif
+
+    /* These filesystems are created by libvirt temporarily, they
+     * shouldn't appear in container. */
+    if (virAsprintf(&tmp, "%s/%s.dev", stateDir, domain) < 0 ||
+        lxcContainerUnmountSubtree(tmp, false) < 0)
+        goto cleanup;
+
+    VIR_FREE(tmp);
+    if (virAsprintf(&tmp, "%s/%s.devpts", stateDir, domain) < 0 ||
+        lxcContainerUnmountSubtree(tmp, false) < 0)
+        goto cleanup;
+
+#if WITH_FUSE
+    VIR_FREE(tmp);
+    if (virAsprintf(&tmp, "%s/%s.fuse", stateDir, domain) < 0 ||
+        lxcContainerUnmountSubtree(tmp, false) < 0)
+        goto cleanup;
+#endif
+
+    /* If we have the root source being '/', then we need to
+     * get rid of any existing stuff under /proc, /sys & /tmp.
+     * We need new namespace aware versions of those. We must
+     * do /proc last otherwise we won't find /proc/mounts :-) */
+    if (lxcContainerUnmountSubtree("/sys", false) < 0 ||
+        lxcContainerUnmountSubtree("/dev", false) < 0 ||
+        lxcContainerUnmountSubtree("/proc", false) < 0)
+        goto cleanup;
+
+    ret = 0;
+
+cleanup:
+    VIR_FREE(tmp);
+    return ret;
+}
+
+
 /* Got a FS mapped to /, we're going the pivot_root
  * approach to do a better-chroot-than-chroot
  * this is based on this thread http://lkml.org/lkml/2008/3/5/29
@@ -1486,7 +1540,6 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef,
     int ret = -1;
     char *sec_mount_options;
     char *stateDir = NULL;
-    char *tmp = NULL;
 
     VIR_DEBUG("Setup pivot root");
 
@@ -1509,48 +1562,8 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef,
     if (lxcContainerPivotRoot(root) < 0)
         goto cleanup;
 
-#if WITH_SELINUX
-    /* Some versions of Linux kernel don't let you overmount
-     * the selinux filesystem, so make sure we kill it first
-     */
-    /* Filed coverity bug for false positive 'USE_AFTER_FREE' due to swap
-     * of root->src with root->dst and the VIR_FREE(root->src) prior to the
-     * reset of root->src in lxcContainerPrepareRoot()
-     */
-    /* coverity[deref_arg] */
-    if (STREQ(root->src, "/") &&
-        lxcContainerUnmountSubtree(SELINUX_MOUNT, false) < 0)
-        goto cleanup;
-#endif
-
-    /* These filesystems are created by libvirt temporarily, they
-     * shouldn't appear in container. */
-    if (STREQ(root->src, "/")) {
-        if (virAsprintf(&tmp, "%s/%s.dev", stateDir, vmDef->name) < 0 ||
-            lxcContainerUnmountSubtree(tmp, false) < 0)
-            goto cleanup;
-
-        VIR_FREE(tmp);
-        if (virAsprintf(&tmp, "%s/%s.devpts", stateDir, vmDef->name) < 0 ||
-            lxcContainerUnmountSubtree(tmp, false) < 0)
-            goto cleanup;
-
-#if WITH_FUSE
-        VIR_FREE(tmp);
-        if (virAsprintf(&tmp, "%s/%s.fuse", stateDir, vmDef->name) < 0 ||
-            lxcContainerUnmountSubtree(tmp, false) < 0)
-            goto cleanup;
-#endif
-    }
-
-    /* If we have the root source being '/', then we need to
-     * get rid of any existing stuff under /proc, /sys & /tmp.
-     * We need new namespace aware versions of those. We must
-     * do /proc last otherwise we won't find /proc/mounts :-) */
     if (STREQ(root->src, "/") &&
-        (lxcContainerUnmountSubtree("/sys", false) < 0 ||
-         lxcContainerUnmountSubtree("/dev", false) < 0 ||
-         lxcContainerUnmountSubtree("/proc", false) < 0))
+        lxcContainerUnmountForSharedRoot(stateDir, vmDef->name) < 0)
         goto cleanup;
 
     /* Mounts the core /proc, /sys, etc filesystems */
@@ -1592,7 +1605,6 @@ cleanup:
     VIR_FREE(stateDir);
     virCgroupFree(&cgroup);
     VIR_FREE(sec_mount_options);
-    VIR_FREE(tmp);
     return ret;
 }
 
-- 
1.8.3.1

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]