From: Chen Hanxiao <chenhanxiao@cn.fujitsu.com> We bind mount some dir from host to guest. With userns enabled, if we couldn't know the dir's ownership, it's better to mount them as readonly. Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com> --- src/lxc/lxc_container.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 255c711..f3f0c15 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -96,6 +96,8 @@ typedef char lxc_message_t; #define LXC_CONTINUE_MSG 'c' +#define OVERFLOWUID 65534 + typedef struct __lxc_child_argv lxc_child_argv_t; struct __lxc_child_argv { virDomainDefPtr config; @@ -1067,12 +1069,22 @@ static int lxcContainerMountFSBind(virDomainFSDefPtr fs, char *src = NULL; int ret = -1; struct stat st; + bool readonly = false; VIR_DEBUG("src=%s dst=%s", fs->src, fs->dst); if (virAsprintf(&src, "%s%s", srcprefix, fs->src) < 0) goto cleanup; + if (stat(src, &st) < 0) { + virReportSystemError(errno, _("Unable to stat bind source %s"), + src); + goto cleanup; + } else { + if (OVERFLOWUID == st.st_uid || OVERFLOWUID == st.st_gid) + readonly = true; + } + if (stat(fs->dst, &st) < 0) { if (errno != ENOENT) { virReportSystemError(errno, _("Unable to stat bind target %s"), @@ -1119,7 +1131,7 @@ static int lxcContainerMountFSBind(virDomainFSDefPtr fs, goto cleanup; } - if (fs->readonly) { + if (fs->readonly || readonly) { VIR_DEBUG("Binding %s readonly", fs->dst); if (mount(src, fs->dst, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) { virReportSystemError(errno, -- 1.8.2.1