Re: [libvirt] [PATCH v2 5/5] Set a security context on /dev and /dev/pts mounts
On 01/25/2012 07:12 AM, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange(a)redhat.com>
To allow the container to access /dev and /dev/pts when under
sVirt, set an explicit mount option. Also set a max size on
the /dev mount to prevent DOS on memory usage
* src/lxc/lxc_container.c: Set /dev mount context
* src/lxc/lxc_controller.c: Set /dev/pts mount context
---
src/lxc/lxc_container.c | 72 +++++++++++++++++++++++++++++++++++-----------
src/lxc/lxc_controller.c | 32 ++++++++++++++++++--
2 files changed, 84 insertions(+), 20 deletions(-)
@@ -450,10 +456,8 @@ static int lxcContainerMountBasicFS(const char *srcprefix, bool
pivotRoot)
char *src = NULL;
const char *srcpath = NULL;
- VIR_DEBUG("Consider %s onlyPivotRoot=%d",
- mnts[i].src, mnts[i].onlyPivotRoot);
- if (mnts[i].onlyPivotRoot && !pivotRoot)
- continue;
+ VIR_DEBUG("Process %s -> %s",
+ mnts[i].src, mnts[i].dst);
That threw me; I read it as the noun, and expected a pid to be the next
word. Even though it's only a debug statement, I'd do
s/Process/Processing/ to make it obvious that you were using it as a verb.
ACK with that nit fixed. Yay - we have LXC sVirt approved for 0.9.10!
--
Eric Blake eblake(a)redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Attachments:
- signature.asc (application/pgp-signature — 620 bytes)