Re: [libvirt] [PATCH] LXC: create a bind mount for sysfs when enable userns but disable netns

Am 11.03.2015 um 10:36 schrieb Richard Weinberger: > Am 11.03.2015 um 03:30 schrieb Chen, Hanxiao: >>>> @@ -826,8 +829,25 @@ static int lxcContainerMountBasicFS(bool userns_enabled) >>>> bool bindOverReadonly; >>>> virLXCBasicMountInfo const *mnt = &lxcBasicMounts[i]; >>>> >>>> + /* When enable userns but disable netns, kernel will >>>> + * forbid us doing a new fresh mount for sysfs. >>>> + * So we had to do a bind mount for sysfs instead. >>>> + */ >>>> + if (userns_enabled && netns_disabled && >>>> + STREQ(mnt->src, "sysfs")) { >>>> + if (VIR_STRDUP(mnt_src, "/sys") < 0) { >>>> + goto cleanup; >>>> + } >>> >>> This is clearly broken and looks very untested to me. >>> >> It's broken now. >> But when I submitted this patch last year, it's not. > > Are you sure? > Just built libvirt v1.2.6-222-ga86b621, head is > commit a86b6215a74b1feb2667204e214fbfd2f7decc5c > Author: Chen Hanxiao <chenhanxiao(a)cn.fujitsu.com&gt; > Date: Mon Jul 14 18:01:51 2014 +0800 > > LXC: create a bind mount for sysfs when enable userns but disable netns > > /sys is still an empty directory but as at this time (most likely due to another bug) > libvirt was able to create /sys/fs/cgroup and mounted groups there. > But no sysfs at all is at /sys. > > I mean, how is this supposed to work? You bind mount /sys over /sys... Any further comments on that?