[libvirt] [PATCH] LXC: Ensure the init task of container comes from container

Richard found libvirt_lxc execs the lxc init programs within the wrong rootfs context, we should run this init task from the rootfs of container. So chroot to the root directory of container, Make sure libvirt_lxc execs the right lxc init program. Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> --- src/lxc/lxc_container.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 181f6c8..4edff15 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -645,8 +645,9 @@ static int lxcContainerPivotRoot(virDomainFSDefPtr root) goto err; } - /* CWD is undefined after pivot_root, so go to / */ - if (chdir("/") < 0) + /* CWD is undefined after pivot_root, so go to /, + * and chroot to the new root directroy */ + if (chdir("/") < 0 || chroot(".") < 0) goto err; ret = 0; -- 1.8.1.4
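Review bot: the chroot(".") added to the condition "if (chdir("/") < 0 || chroot(".") < 0)" in lxcContainerPivotRoot has no stated justification. The commit message says init is exec'd in the wrong rootfs context, but it does not say why the process root would still be wrong at this point, after pivot_root and chdir("/"). Please state in the comment what chroot(".") changes here, or drop the call. Checking the two calls separately would also let the error path tell which one failed. The new comment has a typo: "directroy" should read "directory".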

On 14.06.2013 07:54, Gao feng wrote:
Richard found libvirt_lxc execs the lxc init programs within the wrong rootfs context, we should run this init task from the rootfs of container.
So chroot to the root directory of container, Make sure libvirt_lxc execs the right lxc init program.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> --- src/lxc/lxc_container.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 181f6c8..4edff15 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -645,8 +645,9 @@ static int lxcContainerPivotRoot(virDomainFSDefPtr root) goto err; }
- /* CWD is undefined after pivot_root, so go to / */ - if (chdir("/") < 0) + /* CWD is undefined after pivot_root, so go to /, + * and chroot to the new root directroy */ + if (chdir("/") < 0 || chroot(".") < 0) goto err;
Hmm, that looks fishy to me. We never have to do a chroot(".") after pivot_root().
Thanks,
//richard

On 14.06.2013 07:54, Gao feng wrote:
Richard found libvirt_lxc execs the lxc init programs within the wrong rootfs context, we should run this init task from the rootfs of container.
So chroot to the root directory of container, Make sure libvirt_lxc execs the right lxc init program.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Found the real issue. See "[PATCH] LXC: Check container init path after pivot_root()". Sorry, I forgot to CC you.
Thanks,
//richard

On 06/14/2013 02:54 PM, Richard Weinberger wrote:
On 14.06.2013 07:54, Gao feng wrote:
Richard found libvirt_lxc execs the lxc init programs within the wrong rootfs context, we should run this init task from the rootfs of container.
So chroot to the root directory of container, Make sure libvirt_lxc execs the right lxc init program.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
Found the real issue. See "[PATCH] LXC: Check container init path after pivot_root()". Sorry, I forgot to CC you.
Got it, let's drop this one :)
participants (2)
- Gao feng
- Richard Weinberger