[libvirt] [PATCH 3/3] Honour filesystem readonly flag & make special FS readonly

Daniel P. Berrange berrange at redhat.com
Fri Jul 22 13:42:01 UTC 2011


From: "Daniel P. Berrange" <berrange at redhat.com>

A container should not be allowed to modify anything under /sys
or /proc/sys, so mount them readonly. Mount /selinux readonly
so that containers believe SELinux is disabled.

Honour the readonly flag when mounting container filesystems
from the guest XML config

* src/lxc/lxc_container.c: Support readonly mounts
---
 src/lxc/lxc_container.c |   29 +++++++++++++++++++++++++++++
 1 files changed, 29 insertions(+), 0 deletions(-)

diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index 10ebca3..5cb090e 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -363,6 +363,15 @@ static int lxcContainerPivotRoot(virDomainFSDefPtr root)
         goto err;
     }
 
+    if (root->readonly) {
+        if (mount(root->src, newroot, NULL, MS_BIND|MS_REC|MS_RDONLY|MS_REMOUNT, NULL) < 0) {
+            virReportSystemError(errno,
+                                 _("Failed to make new root %s readonly"),
+                                 root->src);
+            goto err;
+        }
+    }
+
     /* Now we chroot into the tmpfs, then pivot into the
      * root->src bind-mounted onto '/new' */
     if (chdir(newroot) < 0) {
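Review bot: The MS_REC in the remount on line 30 most likely has no effect: per mount(2), MS_REMOUNT|MS_BIND changes only the per-mount-point flags of the one mount at `newroot`, so if the earlier bind of root->src (outside this hunk) was recursive, any submounts carried along stay writable inside the container. Either iterate the mounts under newroot and remount each with `MS_BIND|MS_REMOUNT|MS_RDONLY`, or document on the readonly flag that it applies to the top-level root only. Also worth stating in a comment: a read-only bind mount is not a hard boundary, since a container process that keeps CAP_SYS_ADMIN can undo it with `mount -o remount,rw /`, so this depends on capabilities being dropped elsewhere. The error message names root->src although the mount point being made readonly is newroot. lxcContainerPivotRoot begins and ends outside this hunk.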
@@ -403,11 +412,20 @@ static int lxcContainerMountBasicFS(const char *srcprefix)
         const char *opts;
         int flags;
     } mnts[] = {
+        /* When we want to make a bind mount readonly, for unknown reasons,
+         * it is currently neccessary to bind it once, and then remount the
+         * bind with the readonly flag. If this is not done, then the original
+         * mount point in the main OS becomes readonly too which si not what
+         * we want. Hence some things have two entries here.
+         */
         { false, "devfs", "/dev", "tmpfs", "mode=755", MS_NOSUID },
         { false, "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV },
         { false, "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND },
+        { false, "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
         { true, "/sys", "/sys", NULL, NULL, MS_BIND },
+        { true, "/sys", "/sys", NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
         { true, "/selinux", "/selinux", NULL, NULL, MS_BIND },
+        { true, "/selinux", "/selinux", NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
     };
     int i, rc = -1;
 
@@ -573,6 +591,17 @@ static int lxcContainerMountFSBind(virDomainFSDefPtr fs,
         goto cleanup;
     }
 
+    if (fs->readonly) {
+        VIR_DEBUG("Binding %s readonly", fs->dst);
+        if (mount(fs->dst, fs->dst, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) {
+            virReportSystemError(errno,
+                                 _("Failed to make directory %s readonly"),
+                                 fs->dst);
+            goto cleanup;
+        }
+
+    }
+
     ret = 0;
 
     VIR_DEBUG("Done mounting filesystem ret=%d tryProc=%d", ret, tryProc);
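Review bot: The remount on line 68 passes only MS_BIND|MS_REMOUNT|MS_RDONLY, and per mount(2) that replaces the per-mount-point flags, so any MS_NOSUID/MS_NODEV/MS_NOEXEC the preceding bind (outside this hunk) may have set would be dropped here; repeat whatever flags that bind used together with MS_RDONLY. It also lacks MS_REC, so if the bind was recursive, nested mounts under fs->dst stay writable even though the debug line reports the directory as readonly. As in the other hunks, MS_RDONLY on a bind mount holds only while the container cannot remount; it is not a substitute for dropping CAP_SYS_ADMIN. The stray blank line before the closing brace on line 74 should be removed. lxcContainerMountFSBind starts and ends outside this hunk.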
-- 
1.7.6



