[libvirt] [PATCH] lxc: stop rootless containers from messing with system mounts

Serge E. Hallyn serue at us.ibm.com
Mon Apr 6 18:47:42 UTC 2009


If a container has no root, liblxc remounts /proc.  If the
system had marked / as MS_SHARED, then even though the
container is in a new mounts namespace, the mount event is
propagated back to the host mounts namespace, overwriting
/proc.  After that, for instance, ps will no longer show
system processes.

A Fedora 11 default install has / MS_SHARED.

Make sure that root is not MS_SHARED before remounting
/proc.  I'm making it MS_SLAVE so that the container
will receive mount events from the host, but not vice
versa.

Signed-off-by: Serge Hallyn <serue at us.ibm.com>
---
 src/lxc_container.c |   11 ++++++++++-
 1 files changed, 10 insertions(+), 1 deletions(-)

diff --git a/src/lxc_container.c b/src/lxc_container.c
index d3959f6..8addd23 100644
--- a/src/lxc_container.c
+++ b/src/lxc_container.c
@@ -273,7 +273,11 @@ static int lxcContainerChildMountSort(const void *a, const void *b)
 #endif
 
 #ifndef MS_PRIVATE
-#define MS_PRIVATE              1<<18
+#define MS_PRIVATE              (1<<18)
+#endif
+
+#ifndef MS_SLAVE
+#define MS_SLAVE		(1<<19)
 #endif
 
 static int lxcContainerPivotRoot(virDomainFSDefPtr root)
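Review bot: the new `#define MS_SLAVE		(1<<19)` fallback is indented with tabs while the adjacent `MS_PRIVATE` line uses spaces; align the two the same way. The value itself matches the kernel's MS_SLAVE bit, and adding parentheses to the existing `MS_PRIVATE` fallback is a worthwhile fix in its own right, since an unparenthesised `1<<18` misbehaves under a unary operator (`~MS_PRIVATE` would expand to `(~1)<<18`).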
@@ -558,6 +562,11 @@ static int lxcContainerSetupExtraMounts(virDomainDefPtr vmDef)
 {
     int i;
 
+    if (mount("", "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) {
+        virReportSystemError(NULL, errno, "%s",
+                             _("failed to make / slave"));
+        return -1;
+    }
     for (i = 0 ; i < vmDef->nfss ; i++) {
         // XXX fix to support other mount types
         if (vmDef->fss[i]->type != VIR_DOMAIN_FS_TYPE_MOUNT)
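Review bot: the `mount("", "/", NULL, MS_SLAVE|MS_REC, NULL)` call is unconditional and any failure aborts container setup, so on a kernel without shared-subtree support it will likely fail (EINVAL) even though there is no propagation to undo; consider tolerating that specific error or checking whether / is actually shared first. The check also only achieves what the commit message describes if lxcContainerSetupExtraMounts runs in the child after the new mount namespace has been created; run before CLONE_NEWNS it would change the host's own propagation setting rather than isolating the container from it. Using MS_REC here is the right choice, as it covers every mount below / and not only the root mount.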
-- 
1.6.2



