[PATCH v2] LXC: Detect fs support. Mount only supported filesystems

[Bogdan Purcareata <bogdan.purcareata@xxxxxxxxxxxxx>]

Kept ((access(dstpath, R_OK) < 0) || (!lxcCheckFSSupport(mnt->type)))
when determining support for the mount. Even if the filesystem type is
supported, there is still a chance to fail when building the dstpath
(virFileMakePath). If that call fails, starting the container will fail.
Specifically encountered this problem for securityfs, as I was unable
to mkdir /sys/kernel/security.

Signed-off-by: Bogdan Purcareata <bogdan.purcareata@xxxxxxxxxxxxx>
---
 src/lxc/lxc_container.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 67 insertions(+)

diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index 989e920..496443d 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -509,6 +509,67 @@ static int lxcContainerChildMountSort(const void *a, const void *b)
 # define MS_SLAVE                (1<<19)
 #endif
 
+/*
+ * This function attempts to detect kernel support
+ * for a specific filesystem type. This is done by
+ * inspecting /proc/filesystems.
+ */
+static int lxcCheckFSSupport(const char *fs_type)
+{
+    FILE *fp = NULL;
+    int ret = -1;
+    const char *fslist = "/proc/filesystems";
+    char *line = NULL;
+    char *type;
+    size_t n;
+
+    /* there should be no problem mounting an entry
+     * with NULL fs type, hence NULL fs types are
+     * supported */
+    if (!fs_type) {
+	ret = 1;
+	goto out;
+    }
+
+    VIR_DEBUG("Checking kernel support for %s in %s", fs_type, fslist);
+
+    if (!(fp = fopen(fslist, "r"))) {
+        virReportSystemError(errno,
+                             _("Unable to read %s"),
+                             fslist);
+        goto out;
+    }
+
+    while(getline(&line, &n, fp) > 0) {
+	type = strstr(line, fs_type);
+
+	if (!type)
+		continue;
+
+	if (!strncmp(type, fs_type, strlen(type))) {
+		ret = 1;
+		goto cleanup;
+	}
+    }
+
+    if (ferror(fp)) {
+	virReportSystemError(errno,
+                             _("Error reading line from %s"),
+                             fslist);
+        goto cleanup;
+    }
+
+    VIR_DEBUG("No kernel support for %s", fs_type);
+
+    ret = 0;
+
+cleanup:
+    VIR_FREE(line);
+    VIR_FORCE_FCLOSE(fp);
+out:
+    return ret;
+}
+
 static int lxcContainerGetSubtree(const char *prefix,
                                   char ***mountsret,
                                   size_t *nmountsret)
@@ -789,17 +850,23 @@ static int lxcContainerMountBasicFS(bool userns_enabled)
     for (i = 0; i < ARRAY_CARDINALITY(lxcBasicMounts); i++) {
         virLXCBasicMountInfo const *mnt = &lxcBasicMounts[i];
         const char *srcpath = NULL;
+	const char *dstpath = NULL;
 
         VIR_DEBUG("Processing %s -> %s",
                   mnt->src, mnt->dst);
 
         srcpath = mnt->src;
+	dstpath = mnt->dst;
 
         /* Skip if mount doesn't exist in source */
         if ((srcpath[0] == '/') &&
             (access(srcpath, R_OK) < 0))
             continue;
 
+	if ((access(dstpath, R_OK) < 0) || /* mount is not present on host */
+	    (!lxcCheckFSSupport(mnt->type))) /* no fs support in kernel */
+		continue;
+
 #if WITH_SELINUX
         if (STREQ(mnt->src, SELINUX_MOUNT) &&
             (!is_selinux_enabled() || userns_enabled))
-- 
1.7.11.7


--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list