[libvirt] [PATCH]lxc: don't start container when no root fs found

From: Chen Hanxiao <chenhanxiao@cn.fujitsu.com> Currently, if we don't explicitly add root fs for container, libvirt will add one for us implicitly with "/" as src. It would be not safe. Unless user asked for it, we should not assume this. Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com> --- src/lxc/lxc_process.c | 29 +++++++---------------------- 1 file changed, 7 insertions(+), 22 deletions(-) diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c index 4835bd5..4f4a906 100644 --- a/src/lxc/lxc_process.c +++ b/src/lxc/lxc_process.c @@ -911,29 +911,14 @@ virLXCProcessEnsureRootFS(virDomainObjPtr vm) { virDomainFSDefPtr root = virDomainGetRootFilesystem(vm->def); - if (root) + if (root) { return 0; - - if (VIR_ALLOC(root) < 0) - goto error; - - root->type = VIR_DOMAIN_FS_TYPE_MOUNT; - - if (VIR_STRDUP(root->src, "/") < 0 || - VIR_STRDUP(root->dst, "/") < 0) - goto error; - - if (VIR_INSERT_ELEMENT(vm->def->fss, - 0, - vm->def->nfss, - root) < 0) - goto error; - - return 0; - -error: - virDomainFSDefFree(root); - return -1; + } else { + errno = EINVAL; + virReportSystemError(errno, "%s", + _("No root fs found for container")); + return -1; + } } /** -- 1.8.2.1
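Review bot: In the new `else` branch of virLXCProcessEnsureRootFS, `errno = EINVAL` is assigned by hand only so that virReportSystemError has a value to print, although no system call has failed at that point. A missing root filesystem entry is a property of the domain configuration and should be reported as a configuration error rather than a system error. The `else` after `return 0;` is also unnecessary, and since the function now rejects the domain instead of ensuring a root filesystem exists, its name no longer describes what it does. The removed lines show that a "/" to "/" mount was inserted for every domain without a root entry, so this change makes all such existing domains fail to start; the commit message should say so and the driver documentation would have to change with it.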

On Fri, Sep 27, 2013 at 08:27:06PM +0800, Chen Hanxiao wrote:
> From: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
>
> Currently, if we don't explicitly add root fs for container, libvirt will add one for us implicitly with "/" as src. It would be not safe. Unless user asked for it, we should not assume this.

Nonsense. This is the defined semantics of the configuration. The container inherits the root filesystem unless otherwise overridden.

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

-----Original Message-----
From: Daniel P. Berrange [mailto:berrange@redhat.com]
Sent: Friday, September 27, 2013 8:35 PM
To: Chen Hanxiao
Cc: libvir-list@redhat.com
Subject: Re: [libvirt] [PATCH]lxc: don't start container when no root fs found

> On Fri, Sep 27, 2013 at 08:27:06PM +0800, Chen Hanxiao wrote:
> > From: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
> >
> > Currently, if we don't explicitly add root fs for container, libvirt will add one for us implicitly with "/" as src. It would be not safe. Unless user asked for it, we should not assume this.
>
> Nonsense. This is the defined semantics of the configuration. The container inherits the root filesystem unless otherwise overridden.

Thanks for the clarification. I read the lxc driver doc once more and got what you pointed out...
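The semantics discussed in this thread (an LXC domain with no filesystem targeting "/" shares the host's root) can be audited from the domain XML. The following Python check is an added example, not code from libvirt or from either poster; the function names and the sample XML documents are constructed for illustration, and the input is assumed to be trusted output such as `virsh dumpxml`.

```python
import xml.etree.ElementTree as ET


def classify_root_fs(domain_xml: str) -> str:
    """Classify how an LXC domain obtains its root filesystem.

    Returns 'not-lxc', 'implicit-host-root', 'explicit-host-root'
    or 'dedicated-root'.
    """
    dom = ET.fromstring(domain_xml)
    if dom.get("type") != "lxc":
        return "not-lxc"
    for fs in dom.findall("./devices/filesystem"):
        target = fs.find("target")
        if target is None or target.get("dir") != "/":
            continue  # not the root filesystem entry
        source = fs.find("source")
        src = None
        if source is not None:
            # mount-type entries use dir=, file/block entries use file=/dev=
            src = source.get("dir") or source.get("file") or source.get("dev")
        # An explicit "/" -> "/" mount is the same exposure as the implicit one.
        if fs.get("type", "mount") == "mount" and src == "/":
            return "explicit-host-root"
        return "dedicated-root"
    # No entry targets "/": per the thread, the container inherits the host root.
    return "implicit-host-root"


def _domain(kind: str, devices: str) -> str:
    return f"<domain type='{kind}'><name>demo</name><devices>{devices}</devices></domain>"


# Constructed sample documents, not taken from any real host.
SAMPLES = {
    "inherits": _domain("lxc", "<console type='pty'/>"),
    "explicit": _domain("lxc", "<filesystem type='mount'><source dir='/'/>"
                               "<target dir='/'/></filesystem>"),
    "dedicated": _domain("lxc", "<filesystem type='mount'>"
                                "<source dir='/var/lib/containers/demo/rootfs'/>"
                                "<target dir='/'/></filesystem>"),
    "data-only": _domain("lxc", "<filesystem type='mount'><source dir='/srv/data'/>"
                                "<target dir='/data'/></filesystem>"),
    "kvm": _domain("kvm", ""),
}


def audit(samples: dict) -> dict:
    return {name: classify_root_fs(xml) for name, xml in samples.items()}


if __name__ == "__main__":
    for name, verdict in audit(SAMPLES).items():
        print(f"{name:10s} {verdict}")
```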