On Tue, Nov 12, 2013 at 07:38:02PM +0800, Chen Hanxiao wrote: > From: Chen Hanxiao <chenhanxiao@xxxxxxxxxxxxxx> > > We bind mount some dir from host to guest. > With userns enabled, if we couldn't know > the dir's ownership, don't mount it. > > Signed-off-by: Chen Hanxiao <chenhanxiao@xxxxxxxxxxxxxx> > --- > src/lxc/lxc_container.c | 14 ++++++++++++++ > 1 file changed, 14 insertions(+) > > diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c > index 255c711..92d0a39 100644 > --- a/src/lxc/lxc_container.c > +++ b/src/lxc/lxc_container.c > @@ -96,6 +96,8 @@ > typedef char lxc_message_t; > #define LXC_CONTINUE_MSG 'c' > > +#define OVERFLOWUID 65534 > + > typedef struct __lxc_child_argv lxc_child_argv_t; > struct __lxc_child_argv { > virDomainDefPtr config; > @@ -1073,6 +1075,18 @@ static int lxcContainerMountFSBind(virDomainFSDefPtr fs, > if (virAsprintf(&src, "%s%s", srcprefix, fs->src) < 0) > goto cleanup; > > + if (stat(src, &st) < 0) { > + virReportSystemError(errno, _("Unable to stat bind source %s"), > + src); > + goto cleanup; > + } else { > + if (OVERFLOWUID == st.st_uid || OVERFLOWUID == st.st_gid) > + errno = EPERM; > + virReportSystemError(errno, _("Unknown st_uid/st_gid for %s"), > + fs->src); > + goto cleanup; > + } > + > if (stat(fs->dst, &st) < 0) { > if (errno != ENOENT) { > virReportSystemError(errno, _("Unable to stat bind target %s"), I'm still not clear what actual problem you're trying to solve here. What is the current behaviour without this patch & why does it need to be changed ? Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
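Review bot: In the @@ -96,6 +96,8 hunk, the new `#define OVERFLOWUID 65534` has no comment saying what the value stands for, and the second hunk compares it against st.st_gid as well as st.st_uid, so the name covers only half of its use. Add a comment stating that this is the ID reported for owners that have no mapping in the user namespace, and either give it a name that covers both uid and gid or define a separate gid constant. The kernel's overflow IDs are sysctl tunables (/proc/sys/kernel/overflowuid and /proc/sys/kernel/overflowgid), so reading them at runtime would be more robust than hardcoding 65534.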
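Review bot: In the @@ -1073,6 +1075,18 hunk, the else branch is missing braces around the body of `if (OVERFLOWUID == st.st_uid || OVERFLOWUID == st.st_gid)`: only `errno = EPERM;` is conditional, so virReportSystemError() and `goto cleanup` run after every successful stat(src) and no bind mount can get past this point. Wrap the three statements in braces so the error path is taken only when the owner matches; as written, the unconditional report also uses whatever value errno happened to hold. Separately, the commit message limits the check to "With userns enabled", but nothing in the hunk tests for that, so a host directory legitimately owned by uid or gid 65534 would be refused without user namespaces too; gate the check on whether the domain actually uses a user namespace.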