Reviewed-by: Chen Hanxiao <chenhanxiao@xxxxxxxxxxxxxx> > -----Original Message----- > From: libvir-list-bounces@xxxxxxxxxx [mailto:libvir-list-bounces@xxxxxxxxxx] > On Behalf Of Daniel P. Berrange > Sent: Monday, October 07, 2013 9:07 PM > To: libvir-list@xxxxxxxxxx > Subject: [PATCH 4/6] Remove duplicate entries in lxcBasicMounts array > > From: "Daniel P. Berrange" <berrange@xxxxxxxxxx> > > Currently the lxcBasicMounts array has separate entries for > most mounts, to reflect that we must do a separate mount > operation to make mounts read-only. Remove the duplicate > entries and instead set the MS_RDONLY flag against the main > entry. Then change lxcContainerMountBasicFS to look for the > MS_RDONLY flag, mask it out & do a separate bind mount. > > Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
> ---
> src/lxc/lxc_container.c | 44 +++++++++++++++++++++++++++-----------------
> 1 file changed, 27 insertions(+), 17 deletions(-)
>
> diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
> index 1b1c93b..a7f71ef 100644
> --- a/src/lxc/lxc_container.c
> +++ b/src/lxc/lxc_container.c
> @@ -756,22 +756,12 @@ typedef struct { > } virLXCBasicMountInfo; > > static const virLXCBasicMountInfo lxcBasicMounts[] = { > - /* When we want to make a bind mount readonly, for unknown reasons, > - * it is currently necessary to bind it once, and then remount the > - * bind with the readonly flag. If this is not done, then the original > - * mount point in the main OS becomes readonly too which is not what > - * we want. Hence some things have two entries here. > - */ > { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV }, > - { "/proc/sys", "/proc/sys", NULL, MS_BIND }, > - { "/proc/sys", "/proc/sys", NULL, > MS_BIND|MS_REMOUNT|MS_RDONLY }, > - { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV }, > - { "sysfs", "/sys", "sysfs", MS_BIND|MS_REMOUNT|MS_RDONLY }, > - { "securityfs", "/sys/kernel/security", "securityfs", > MS_NOSUID|MS_NOEXEC|MS_NODEV }, > - { "securityfs", "/sys/kernel/security", "securityfs", > MS_BIND|MS_REMOUNT|MS_RDONLY }, > + { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY }, > + { "sysfs", "/sys", "sysfs", > MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY }, > + { "securityfs", "/sys/kernel/security", "securityfs", > MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY }, > #if WITH_SELINUX > - { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", > MS_NOSUID|MS_NOEXEC|MS_NODEV }, > - { SELINUX_MOUNT, SELINUX_MOUNT, NULL, > MS_BIND|MS_REMOUNT|MS_RDONLY }, > + { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", > MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY }, > #endif > }; > > @@ -852,6 +842,7 @@ static int lxcContainerMountBasicFS(bool > userns_enabled) > VIR_DEBUG("Mounting basic filesystems"); > > for (i = 0; i < ARRAY_CARDINALITY(lxcBasicMounts); i++) { > + bool bindOverReadonly; > virLXCBasicMountInfo const *mnt = &lxcBasicMounts[i]; > > VIR_DEBUG("Processing %s -> %s", 
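Review bot: With the two-entry workaround and its explanatory comment removed, nothing in the lxcBasicMounts table says that MS_RDONLY is special: it is masked out of the first mount() and applied by a later read-only bind remount in lxcContainerMountBasicFS, so a reader of this table will assume the flag reaches the initial mount call. Suggest replacing the deleted block comment with one above the array, e.g. `/* MS_RDONLY is not passed to the initial mount(); lxcContainerMountBasicFS masks it out and applies it with a separate MS_BIND|MS_REMOUNT|MS_RDONLY mount. */`. The virLXCBasicMountInfo typedef this table depends on starts outside the hunk.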
> @@ -878,13 +869,32 @@ static int lxcContainerMountBasicFS(bool > userns_enabled) > goto cleanup; > } > > + /* > + * We can't immediately set the MS_RDONLY flag when mounting > filesystems > + * because (in at least some kernel versions) this will propagate > back > + * to the original mount in the host OS, turning it readonly too. This > + * We mount the filesystem in read-write mode initially, and then do > a > + * separate read-only bind mount on top of that. > + */ > + bindOverReadonly = !!(mnt->mflags & MS_RDONLY); > + > VIR_DEBUG("Mount %s on %s type=%s flags=%x", > - mnt->src, mnt->dst, mnt->type, mnt->mflags); > - if (mount(mnt->src, mnt->dst, mnt->type, mnt->mflags, NULL) < 0) { > + mnt->src, mnt->dst, mnt->type, mnt->mflags & > ~MS_RDONLY); > + if (mount(mnt->src, mnt->dst, mnt->type, mnt->mflags & > ~MS_RDONLY, NULL) < 0) { > virReportSystemError(errno, > _("Failed to mount %s on %s type %s > flags=%x"), > mnt->src, mnt->dst, > NULLSTR(mnt->type), > - mnt->mflags); > + mnt->mflags & ~MS_RDONLY); > + goto cleanup; > + } > + > + if (bindOverReadonly && > + mount(mnt->src, mnt->dst, NULL, > + MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) { > + virReportSystemError(errno, > + _("Failed to re-mount %s on %s > flags=%x"), > + mnt->src, mnt->dst, > + > MS_BIND|MS_REMOUNT|MS_RDONLY); > goto cleanup; > } > } > -- > 1.8.3.1 > > -- > libvir-list mailing list > libvir-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/libvir-list -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
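Review bot: The read-only remount added at the end of the hunk passes only MS_BIND|MS_REMOUNT|MS_RDONLY, and a bind remount replaces the per-mount-point flags with the ones supplied, so for the sysfs, securityfs and selinuxfs entries the MS_NOSUID|MS_NOEXEC|MS_NODEV flags set by the first mount() appear to be cleared again by the second call, leaving those container mounts read-only but no longer nosuid/nodev/noexec (worth confirming against the target kernels). Carrying the table flags into the remount keeps them: `mount(mnt->src, mnt->dst, NULL, MS_BIND|MS_REMOUNT|mnt->mflags, NULL)` (mflags already contains MS_RDONLY), with the flags in the matching virReportSystemError call updated to the same expression. Separately, the new block comment has a dangling sentence: `* to the original mount in the host OS, turning it readonly too. This` should end with `Instead` rather than `This` so it joins the following `We mount the filesystem in read-write mode initially` line. The enclosing for loop and lxcContainerMountBasicFS start outside the hunk.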