
On Tue, Nov 19, 2013 at 05:53:20PM +0800, Gao feng wrote:
After kernel commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942 (vfs: Lock in place mounts from more privileged users),
an unprivileged user has no rights to move the mounts that are inherited from the parent mountns. We use this feature to move /stateDir/domain-name.{dev, devpts} to the /dev/ and /dev/pts directories of the container. This commit breaks libvirt lxc.
This patch does the moving on the host side; we are a privileged user at this moment.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> --- src/lxc/lxc_container.c | 81 +----------------------------------------------- src/lxc/lxc_controller.c | 53 +++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+), 80 deletions(-)
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 2bdf957..61283e4 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -953,76 +953,6 @@ static int lxcContainerMountProcFuse(virDomainDefPtr def ATTRIBUTE_UNUSED, } #endif
-static int lxcContainerMountFSDev(virDomainDefPtr def, - const char *stateDir) -{ - int ret = -1; - char *path = NULL; - - VIR_DEBUG("Mount /dev/ stateDir=%s", stateDir); - - if ((ret = virAsprintf(&path, "/.oldroot/%s/%s.dev", - stateDir, def->name)) < 0) - return ret; - - if (virFileMakePath("/dev") < 0) { - virReportSystemError(errno, "%s", - _("Cannot create /dev")); - goto cleanup; - } - - VIR_DEBUG("Trying to move %s to /dev", path); - - if (mount(path, "/dev", NULL, MS_MOVE, NULL) < 0) {
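Review bot: the commit message does not say where the relocated move runs or what it targets, which matters for the removed mount(path, "/dev", NULL, MS_MOVE, NULL) in lxcContainerMountFSDev. Its source is built as "/.oldroot/%s/%s.dev" and its target is "/dev", and the "/.oldroot" prefix suggests both paths are only meaningful from inside the container. Please state in the message, or in a comment on the new lxc_controller.c code that this quote does not show, which path the controller moves the stateDir mounts onto and at what point relative to container start, so a reader can confirm the privileged move cannot land on the host's /dev.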
I wonder, if we used MS_BIND instead of MS_MOVE, would we avoid the problem completely, and thus not need to move this code around?

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|