
On 10/07/2013 05:52 PM, Bogdan Purcareata wrote:
Securityfs kernel support may not be available on all platforms running libvirt containers. Since securityfs receives special handling in the context of user namespaces, make an additional check to see if it is supported, by inspecting /proc/filesystems.
Making this check for all lxcBasicMounts is a bit tedious, since the /proc filesystem is first unmounted from host, so the /proc/filesystems list should be saved before unmounting, to be available at all times. However, checks for the support for /proc or /sys are superfluous.
In the long run, to support the addition of new filesystems in lxcBasicMounts, an additional "optional" flag should be introduced, to mark that for a specific filesystem, the code should first check for support in the kernel, before mounting it. For mandatory filesystems, if mounting them fails, creating the container fails.
Right now, check for support only for securityfs, since right now it is the only special case.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
---
 src/lxc/lxc_container.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 68 insertions(+), 1 deletion(-)
Ok, I know what's wrong, please check my patch. If you think it's good, please add your Acked-by or Reviewed-by
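
Added example, not part of the patch or of either message in this thread: a minimal C sketch of the check the commit message describes, which saves /proc/filesystems while the host /proc is still mounted and later looks up a filesystem type by exact name. The helper names `read_fs_list` and `fs_supported` and the 64 KiB read limit are assumptions made for illustration, not libvirt code.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: snapshot a file into a malloc'd, NUL-terminated
 * buffer (NULL on error). Take the snapshot before the host /proc is
 * unmounted. Assumes the list fits in 64 KiB; longer input is truncated. */
static char *read_fs_list(const char *path)
{
    enum { CAP = 65536 };
    FILE *fp = fopen(path, "r");
    char *buf = fp ? malloc(CAP) : NULL;
    size_t len = buf ? fread(buf, 1, CAP - 1, fp) : 0;
    if (fp)
        fclose(fp);
    if (buf)
        buf[len] = '\0';
    return buf;
}

/* Hypothetical helper: exact-match lookup in a saved snapshot.
 * Lines look like "nodev\tsecurityfs\n" or "\text4\n". */
static bool fs_supported(const char *list, const char *fstype)
{
    size_t want = strlen(fstype);
    const char *line = list;
    while (want && line && *line) {
        size_t linelen = strcspn(line, "\n");
        const char *tab = memchr(line, '\t', linelen);
        /* The name is everything after the tab; compare it whole so
         * that "fuse" does not match "fuseblk". */
        if (tab && (size_t)(line + linelen - tab - 1) == want &&
            memcmp(tab + 1, fstype, want) == 0)
            return true;
        line += linelen + (line[linelen] == '\n');
    }
    return false;
}

int main(void)
{
    /* Snapshot taken while the host /proc is still visible. */
    char *list = read_fs_list("/proc/filesystems");
    printf("securityfs: %s\n", fs_supported(list, "securityfs") ? "mount" : "skip");
    free(list);
    return 0;
}
```

A missing or unreadable list is treated as "not supported", so an optional filesystem is skipped rather than causing container creation to fail.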