If a container has no root, liblxc remounts /proc. If the
system had marked / as MS_SHARED, then even though the
container is in a new mounts namespace, the mount event is
propagated back to the host mounts namespace, overwriting
/proc. After that, for instance, ps will no longer show
system processes.

A Fedora 11 default install has / MS_SHARED.

Make sure that root is not MS_SHARED before remounting
/proc. I'm making it MS_SLAVE so that the container
will receive mount events from the host, but not vice
versa.
Signed-off-by: Serge Hallyn <serue(a)us.ibm.com>
---
src/lxc_container.c | 11 ++++++++++-
1 files changed, 10 insertions(+), 1 deletions(-)
diff --git a/src/lxc_container.c b/src/lxc_container.c
index d3959f6..8addd23 100644
--- a/src/lxc_container.c
+++ b/src/lxc_container.c
@@ -273,7 +273,11 @@ static int lxcContainerChildMountSort(const void *a, const void *b)
#endif
#ifndef MS_PRIVATE
-#define MS_PRIVATE 1<<18
+#define MS_PRIVATE (1<<18)
+#endif
+
+#ifndef MS_SLAVE
+#define MS_SLAVE (1<<19)
#endif
static int lxcContainerPivotRoot(virDomainFSDefPtr root)
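Review bot: the parenthesised fallback for MS_PRIVATE is a real fix, not just style: an unparenthesised `1<<18` misbehaves as soon as the macro meets a unary operator (`~MS_PRIVATE` would expand to `~1<<18`, which is `(~1)<<18`), so the new `(1<<18)` / `(1<<19)` forms should be kept for any further flag fallbacks in this file. Both values match the kernel's mount-propagation flags (MS_PRIVATE is bit 18, MS_SLAVE is bit 19), so the `#ifndef` guards are safe on older sys/mount.h headers that lack them.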
@@ -558,6 +562,11 @@ static int lxcContainerSetupExtraMounts(virDomainDefPtr vmDef)
{
int i;
+ if (mount("", "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) {
+ virReportSystemError(NULL, errno, "%s",
+ _("failed to make / slave"));
+ return -1;
+ }
for (i = 0 ; i < vmDef->nfss ; i++) {
// XXX fix to support other mount types
if (vmDef->fss[i]->type != VIR_DOMAIN_FS_TYPE_MOUNT)
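Review bot: the new `mount("", "/", NULL, MS_SLAVE|MS_REC, NULL)` fails the whole container start on any error, including on a kernel that predates shared subtrees, where the call cannot succeed (it falls through to an ordinary mount with no filesystem type and is rejected, typically with EINVAL) even though such a kernel cannot exhibit the propagation problem at all; consider tolerating that case with a warning, e.g. `if (mount("", "/", NULL, MS_SLAVE|MS_REC, NULL) < 0 && errno != EINVAL)`, and reserving the hard failure for other errnos. Separately, the commit message describes the no-root case in which liblxc remounts /proc, but the call is added to lxcContainerSetupExtraMounts; please confirm that the no-root path reaches this function before the /proc remount, since the pre-existing MS_PRIVATE define suggests the pivot_root path already handles propagation and the unprotected path is the one this change is meant to cover.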
--
1.6.2