3:51 a.m.
From: Chen Hanxiao <chenhanxiao(a)cn.fujitsu.com>
We bind mount some dir from host to guest.
With userns enabled, if we couldn't know
the dir's ownership, it's better to
mount them as readonly.
Signed-off-by: Chen Hanxiao <chenhanxiao(a)cn.fujitsu.com>
---
src/lxc/lxc_container.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index 255c711..f3f0c15 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -96,6 +96,8 @@
typedef char lxc_message_t;
#define LXC_CONTINUE_MSG 'c'
+#define OVERFLOWUID 65534
+
typedef struct __lxc_child_argv lxc_child_argv_t;
struct __lxc_child_argv {
virDomainDefPtr config;
@@ -1067,12 +1069,22 @@ static int lxcContainerMountFSBind(virDomainFSDefPtr fs,
char *src = NULL;
int ret = -1;
struct stat st;
+ bool readonly = false;
VIR_DEBUG("src=%s dst=%s", fs->src, fs->dst);
if (virAsprintf(&src, "%s%s", srcprefix, fs->src) < 0)
goto cleanup;
+ if (stat(src, &st) < 0) {
+ virReportSystemError(errno, _("Unable to stat bind source %s"),
+ src);
+ goto cleanup;
+ } else {
+ if (OVERFLOWUID == st.st_uid || OVERFLOWUID == st.st_gid)
+ readonly = true;
+ }
+
if (stat(fs->dst, &st) < 0) {
if (errno != ENOENT) {
virReportSystemError(errno, _("Unable to stat bind target %s"),
@@ -1119,7 +1131,7 @@ static int lxcContainerMountFSBind(virDomainFSDefPtr fs,
goto cleanup;
}
- if (fs->readonly) {
+ if (fs->readonly || readonly) {
VIR_DEBUG("Binding %s readonly", fs->dst);
if (mount(src, fs->dst, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) {
virReportSystemError(errno,
--
1.8.2.1
4:39 a.m.
On Tue, Nov 12, 2013 at 05:51:45PM +0800, Chen Hanxiao wrote:
From: Chen Hanxiao <chenhanxiao(a)cn.fujitsu.com>
We bind mount some dir from host to guest.
With userns enabled, if we couldn't know
the dir's ownership, it's better to
mount them as readonly.
No, if the user has requested the mount to be read-write and we can
not do that, we should fail, not silently change to a read-only
mount.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
5:33 a.m.
-----Original Message-----
From: Daniel P. Berrange [mailto:berrange@redhat.com]
Sent: Tuesday, November 12, 2013 6:39 PM
To: Chen Hanxiao
Cc: libvir-list(a)redhat.com
Subject: Re: [libvirt] [PATCH]lxc: mount dir as readonly if ownership couldn't be
known
On Tue, Nov 12, 2013 at 05:51:45PM +0800, Chen Hanxiao wrote:
> From: Chen Hanxiao <chenhanxiao(a)cn.fujitsu.com>
>
> We bind mount some dir from host to guest.
> With userns enabled, if we couldn't know
> the dir's ownership, it's better to
> mount them as readonly.
No, if the user has requested the mount to be read-write and we can
not do that, we should fail, not silently change to a read-only
mount.
Thanks. New patch will come soon.
4030
days inactive
4030
days old
2 comments
2 participants
participants (2)
-
Chen Hanxiao -
Daniel P. Berrange