
On 09/10/2013 08:46 PM, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange@redhat.com>
If the guest is configured with
<filesystem type='mount'> <source dir='/'/> <target dir='/'/> <readonly/> </filesystem>
Then any submounts under / should also end up readonly, except for those set up as basic mounts, e.g. if the user has /home on a separate volume, they'd expect /home to be readonly, but we should not touch the /sys, /proc, etc. dirs we set up ourselves.
Users can selectively make sub-mounts read-write again by simply listing them as new mounts without the <readonly> flag set:
<filesystem type='mount'> <source dir='/home'/> <target dir='/home'/> </filesystem>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
---
 src/lxc/lxc_container.c | 90 +++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 88 insertions(+), 2 deletions(-)
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index d51cdc4..38d95b0 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -532,7 +532,6 @@ static int lxcContainerGetSubtree(const char *prefix, }
while (getmntent_r(procmnt, &mntent, mntbuf, sizeof(mntbuf)) != NULL) { - VIR_DEBUG("Got %s", mntent.mnt_dir); if (!STRPREFIX(mntent.mnt_dir, prefix)) continue;
@@ -541,7 +540,6 @@ static int lxcContainerGetSubtree(const char *prefix, if (VIR_STRDUP(mounts[nmounts], mntent.mnt_dir) < 0) goto cleanup; nmounts++; - VIR_DEBUG("Grabbed %s", mntent.mnt_dir); }
if (mounts) @@ -779,6 +777,76 @@ static const virLXCBasicMountInfo lxcBasicMounts[] = { };
+static bool lxcIsBasicMountLocation(const char *path) +{ + size_t i; + + for (i = 0; i < ARRAY_CARDINALITY(lxcBasicMounts); i++) { + if (STRPREFIX(path, lxcBasicMounts[i].dst)) + return true; + } + + return false; +} + + +static int lxcContainerSetReadOnly(virDomainFSDefPtr root) +{ + FILE *procmnt; + struct mntent mntent; + char mntbuf[1024]; + int ret = -1; + char **mounts = NULL; + size_t nmounts = 0; + size_t i; + + VIR_DEBUG("root=%s", root->src);
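Review bot: the two VIR_DEBUG removals in lxcContainerGetSubtree (the first two hunks, "Got %s" and "Grabbed %s") are unrelated to the read-only behaviour the commit message describes; consider splitting them into a separate cleanup commit, or at least mention them in the commit message so the diffstat is not surprising.

Review bot: lxcIsBasicMountLocation in the third hunk uses STRPREFIX(path, lxcBasicMounts[i].dst), so any mount whose path merely starts with a basic mount's destination string is treated as a basic mount and skipped (with a dst of /sys, a user volume at /sysroot or /system would be left read-write). Either compare with STREQ, or require a path separator after the prefix, e.g. `STREQ(path, dst) || (STRPREFIX(path, dst) && path[strlen(dst)] == '/')`. Note also that the hunk as quoted here ends right after `VIR_DEBUG("root=%s", root->src);`, so the remount loop of lxcContainerSetReadOnly that the commit message describes is not visible for review.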
Seems root is only used for the debug message? The rest looks good to me. ACK