On Mon, Oct 07, 2013 at 06:48:18PM +0800, Gao feng wrote:
Otherwise we can't know if securityfs is available.
Signed-off-by: Gao feng <gaofeng(a)cn.fujitsu.com>
---
src/lxc/lxc_container.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index b1f429c..a15ce59 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -768,8 +768,8 @@ static const virLXCBasicMountInfo lxcBasicMounts[] = {
{ "/proc/sys", "/proc/sys", NULL, NULL,
MS_BIND|MS_REMOUNT|MS_RDONLY },
{ "sysfs", "/sys", "sysfs", NULL,
MS_NOSUID|MS_NOEXEC|MS_NODEV },
{ "sysfs", "/sys", "sysfs", NULL,
MS_BIND|MS_REMOUNT|MS_RDONLY },
- { "securityfs", "/sys/kernel/security", "securityfs",
NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV },
- { "securityfs", "/sys/kernel/security", "securityfs",
NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
+ { "/sys/kernel/security", "/sys/kernel/security",
"securityfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV },
+ { "/sys/kernel/security", "/sys/kernel/security",
"securityfs", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
#if WITH_SELINUX
{ SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", NULL,
MS_NOSUID|MS_NOEXEC|MS_NODEV },
{ SELINUX_MOUNT, SELINUX_MOUNT, NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
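Review bot: the two added securityfs entries change only the src field, from "securityfs" to "/sys/kernel/security", and neither the hunk nor the commit message says which code reads src to decide whether securityfs is available. The first entry has no MS_BIND, yet with src equal to dst it now reads like the "/proc/sys" bind entry above it, which is easy to misread. If the mount loop does probe src as a path, name that consumer in the commit message and make the availability check explicit (a separate field or a check on the destination) instead of overloading src in a pseudo-filesystem entry, and add a comment on these entries explaining why src is a path.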
Huh, this isn't right. If this has any functional effect, then it is
merely exposing a bug somewhere else. The 'src' is just an opaque
string for pseudo filesystems like securityfs that shouldn't have any
functional effect.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|