Re: [libvirt] [PATCH 6/6] Skip any files which are not mounted on the host

On 10/07/2013 07:06 AM, Daniel P. Berrange wrote: > From: "Daniel P. Berrange" <berrange(a)redhat.com&gt; > > Currently the LXC container tries to skip selinux/securityfs > mounts if the directory does not exist in the filesystem, > or if SELinux is disabled. > > The former check is flawed because the /sys/fs/selinux > or /sys/kernel/securityfs directories may exist in sysfs > even if the mount type is disabled. Instead of just doing > an access() check, use an virFileIsMounted() to see if > the FS is actually present in the host OS. This also > avoids the need to check is_selinux_enabled(). > > Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com&gt; > --- > src/lxc/lxc_container.c | 37 +++++++++++++++++++++++-------------- > 1 file changed, 23 insertions(+), 14 deletions(-) > > static const virLXCBasicMountInfo lxcBasicMounts[] = { > - { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false }, > - { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false }, > - { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false }, > - { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true }, > + { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false }, > + { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false, false }, > + { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false }, > + { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true }, > #if WITH_SELINUX > - { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true }, > + { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true }, All your bools are either both false or both true; does it make sense to consolidate them into one, or will a future patch expose a need for a different combo?