[libvirt] [PATCH] Remove sub-mounts under /dev when starting an LXC container

From: "Daniel P. Berrange" <berrange@redhat.com> Since we are mounting a new /dev in the container, we must remove any sub-mounts like /dev/shm, /dev/mqueue, etc, otherwise they'll be recorded in /proc/mounts, but not be accessible to applications. --- src/lxc/lxc_container.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 071d8d1..910e82b 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -1416,10 +1416,11 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef, if (lxcContainerPivotRoot(root) < 0) goto cleanup; - /* Gets rid of any existing stuff under /proc, since we need new - * namespace aware versions of those. We must do /proc second - * otherwise we won't find /proc/mounts :-) */ + /* Gets rid of any existing stuff under /proc, /sys & /tmp + * We need new namespace aware versions of those. We must + * do /proc last otherwise we won't find /proc/mounts :-) */ if (lxcContainerUnmountSubtree("/sys", false) < 0 || + lxcContainerUnmountSubtree("/dev", false) < 0 || lxcContainerUnmountSubtree("/proc", false) < 0) goto cleanup; -- 1.7.10.4
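Review bot: the rewritten comment in lxcContainerSetupPivotRoot names "/proc, /sys & /tmp", but the calls below it unmount /sys, /dev and /proc. Nothing in these lines touches /tmp, and the newly added /dev is not mentioned. Suggest the comment read "/proc, /sys & /dev" so it matches both the code and the commit message. The new call is correctly placed before the /proc one, which keeps /proc/mounts readable while the /dev sub-mounts are removed, so the "do /proc last" wording is accurate as written.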

On 06/29/2012 09:30 AM, Daniel P. Berrange wrote:
From: "Daniel P. Berrange" <berrange@redhat.com>
Since we are mounting a new /dev in the container, we must remove any sub-mounts like /dev/shm, /dev/mqueue, etc, otherwise they'll be recorded in /proc/mounts, but not be accessible to applications. --- src/lxc/lxc_container.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-)
ACK.

--
Eric Blake eblake@redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org