[PATCH v2 1/2] LXC: fix the problem that libvirt lxc fail to start on latest kernel


 



After kernel commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942
vfs: Lock in place mounts from more privileged users,

an unprivileged user has no rights to move mounts that were
inherited from the parent mount namespace. We rely on moving
/stateDir/domain-name.{dev, devpts} onto the /dev and
/dev/pts directories of the container, so this kernel commit breaks libvirt lxc.

this patch changes the behavior to bind these mounts when
user namespace is enabled and move these mounts when user
namespace is disabled.

Signed-off-by: Gao feng <gaofeng@xxxxxxxxxxxxxx>
---
 src/lxc/lxc_container.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index 2bdf957..3d9b491 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -958,6 +958,7 @@ static int lxcContainerMountFSDev(virDomainDefPtr def,
 {
     int ret = -1;
     char *path = NULL;
+    int flags = def->idmap.nuidmap ? MS_BIND : MS_MOVE;
 
     VIR_DEBUG("Mount /dev/ stateDir=%s", stateDir);
 
@@ -971,9 +972,10 @@ static int lxcContainerMountFSDev(virDomainDefPtr def,
         goto cleanup;
     }
 
-    VIR_DEBUG("Trying to move %s to /dev", path);
+    VIR_DEBUG("Trying to %s %s to /dev", def->idmap.nuidmap ?
+              "bind" : "move", path);
 
-    if (mount(path, "/dev", NULL, MS_MOVE, NULL) < 0) {
+    if (mount(path, "/dev", NULL, flags, NULL) < 0) {
         virReportSystemError(errno,
                              _("Failed to mount %s on /dev"),
                              path);
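Review bot: With MS_BIND the mount at `path` stays in place after the call, whereas MS_MOVE removed it, so in the user-namespace case the container appears to keep a second view of its /dev under the stateDir path unless something later unmounts or hides it; that is worth confirming against the later pivot_root/unmount steps, and the same question applies to the /dev/pts bind in the last hunk. The debug message also repeats the `def->idmap.nuidmap` test that `flags` already encodes, so the two can drift apart; `VIR_DEBUG("Trying to %s %s to /dev", flags == MS_BIND ? "bind" : "move", path);` keeps the log tied to the flag actually passed. The enclosing function starts and ends outside this hunk.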
@@ -992,6 +994,7 @@ static int lxcContainerMountFSDevPTS(virDomainDefPtr def,
 {
     int ret;
     char *path = NULL;
+    int flags = def->idmap.nuidmap ? MS_BIND : MS_MOVE;
 
     VIR_DEBUG("Mount /dev/pts stateDir=%s", stateDir);
 
@@ -1007,10 +1010,10 @@ static int lxcContainerMountFSDevPTS(virDomainDefPtr def,
         goto cleanup;
     }
 
-    VIR_DEBUG("Trying to move %s to /dev/pts", path);
+    VIR_DEBUG("Trying to %s %s to /dev/pts", def->idmap.nuidmap ?
+              "bind" : "move", path);
 
-    if ((ret = mount(path, "/dev/pts",
-                     NULL, MS_MOVE, NULL)) < 0) {
+    if ((ret = mount(path, "/dev/pts", NULL, flags, NULL)) < 0) {
         virReportSystemError(errno,
                              _("Failed to mount %s on /dev/pts"),
                              path);
-- 
1.8.3.1

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list




