[libvirt] [PATCH] Don't mount /dev for application containers
Eric Blake
eblake at redhat.com
Thu Aug 4 16:38:59 UTC 2011
On 08/04/2011 10:17 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange"<berrange at redhat.com>
>
> An application container shouldn't get a private /dev. Fix
> the regression from 6d37888e6a35a37e6faf7c0a1b1b4d9a5dee1285
>
> * src/lxc/lxc_container.c: Don't mount /dev for app containers
> ---
> src/lxc/lxc_container.c | 34 ++++++++++++++++++++++------------
> 1 files changed, 22 insertions(+), 12 deletions(-)
>
> @@ -419,20 +420,28 @@ static int lxcContainerMountBasicFS(const char *srcprefix)
> * mount point in the main OS becomes readonly too which si not what
pre-existing, but while you're here: s/si/is/
> * we want. Hence some things have two entries here.
> */
> - { false, "devfs", "/dev", "tmpfs", "mode=755", MS_NOSUID },
> - { false, "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV },
> - { false, "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND },
> - { false, "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
> - { true, "/sys", "/sys", NULL, NULL, MS_BIND },
> - { true, "/sys", "/sys", NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
> - { true, "/selinux", "/selinux", NULL, NULL, MS_BIND },
> - { true, "/selinux", "/selinux", NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
> + { true, false, "devfs", "/dev", "tmpfs", "mode=755", MS_NOSUID },
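Review bot: the meaning of the new leading bool in each table entry is not visible in this hunk, and only the replacement devfs line is quoted, so a reader cannot tell from the diff which position now marks "skip for application containers" and which is the pre-existing bool. Suggest a one-line comment above the table naming the fields in order, e.g. `/* { app-container?, existing-flag?, src, dst, fstype, opts, mount-flags } */` (field names here are assumed, not from the patch), so that the `true, false` prefix on the devfs entry reads unambiguously without consulting the struct definition.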
Adding the new bool at the front of the struct threw me for a loop on my
first read, but it looks correct, so not a problem.
ACK with the typo fix squashed in.
--
Eric Blake eblake at redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org