[libvirt] [PATCH] Always pivot_root event if the new root source is '/'

Thursday, 14 June 2012

From: "Daniel P. Berrange" <berrange(a)redhat.com&gt;

This reverts

  commit c16b4c43fcdd8ec02581f38377983b2e0925bfcd
  Author: Daniel P. Berrange <berrange(a)redhat.com&gt;
  Date:   Fri May 11 15:09:27 2012 +0100

    Avoid LXC pivot root in the root source is still /

This commit broke setup of /dev, because the code which
deals with setting up a private /dev and /dev/pts only
works if you do a pivotroot.

The original intent of avoiding the pivot root was to
try and ensure the new root has a minimumal mount
tree. The better way todo this is to just unmount the
bits we don't want (ie old /proc & /sys subtrees.
So apply the logic from

  commit c529b47a756960d332fbe9903943dae855e7b949
  Author: Daniel P. Berrange <berrange(a)redhat.com&gt;
  Date:   Fri May 11 11:35:28 2012 +0100

    Trim /proc & /sys subtrees before mounting new instances

to the pivot_root codepath as well
---
 src/lxc/lxc_container.c |   13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index bad7938..b8fb14e 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -1345,6 +1345,13 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef,
     if (lxcContainerPivotRoot(root) < 0)
         goto cleanup;
 
+    /* Gets rid of any existing stuff under /proc, since we need new
+     * namespace aware versions of those. We must do /proc second
+     * otherwise we won't find /proc/mounts :-) */
+    if (lxcContainerUnmountSubtree("/sys", false) < 0 ||
+        lxcContainerUnmountSubtree("/proc", false) < 0)
+        goto cleanup;
+
     /* Mounts the core /proc, /sys, etc filesystems */
     if (lxcContainerMountBasicFS(vmDef, true, securityDriver) < 0)
         goto cleanup;
@@ -1472,11 +1479,7 @@ static int lxcContainerSetupMounts(virDomainDefPtr vmDef,
     if (lxcContainerResolveSymlinks(vmDef) < 0)
         return -1;
 
-    /* If the user has specified a dst '/' with a source of '/'
-     * then we don't really want to go down the pivot root
-     * path, as we're just tuning the existing root
-     */
-    if (root && root->src && STRNEQ(root->src, "/"))
+    if (root && root->src)
         return lxcContainerSetupPivotRoot(vmDef, root, ttyPaths, nttyPaths,
securityDriver);
     else
         return lxcContainerSetupExtraMounts(vmDef, root, securityDriver);
-- 
1.7.10.2


    

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005