[libvirt] [PATCH 1/2] LXC: fix the problem that libvirt lxc fail to start on latest kernel

Daniel P. Berrange berrange at redhat.com
Tue Nov 19 14:59:03 UTC 2013 

On Tue, Nov 19, 2013 at 05:53:20PM +0800, Gao feng wrote:
> After kernel commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942
> vfs: Lock in place mounts from more privileged users,
> 
> unprivileged user has no rights to move the mounts that
> inherited from parent mountns. we use this feature to move
> the /stateDir/domain-name.{dev, devpts} to the /dev/ and
> /dev/pts directroy of container. this commit breaks libvirt lxc.
> 
> this patch do the moving on host side, we are privileged user
> at this moment.
> 
> Signed-off-by: Gao feng <gaofeng at cn.fujitsu.com>
> ---
>  src/lxc/lxc_container.c  | 81 +-----------------------------------------------
>  src/lxc/lxc_controller.c | 53 +++++++++++++++++++++++++++++++
>  2 files changed, 54 insertions(+), 80 deletions(-)
> 
> diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
> index 2bdf957..61283e4 100644
> --- a/src/lxc/lxc_container.c
> +++ b/src/lxc/lxc_container.c
> @@ -953,76 +953,6 @@ static int lxcContainerMountProcFuse(virDomainDefPtr def ATTRIBUTE_UNUSED,
>  }
>  #endif
>  
> -static int lxcContainerMountFSDev(virDomainDefPtr def,
> -                                  const char *stateDir)
> -{
> -    int ret = -1;
> -    char *path = NULL;
> -
> -    VIR_DEBUG("Mount /dev/ stateDir=%s", stateDir);
> -
> -    if ((ret = virAsprintf(&path, "/.oldroot/%s/%s.dev",
> -                           stateDir, def->name)) < 0)
> -        return ret;
> -
> -    if (virFileMakePath("/dev") < 0) {
> -        virReportSystemError(errno, "%s",
> -                             _("Cannot create /dev"));
> -        goto cleanup;
> -    }
> -
> -    VIR_DEBUG("Trying to move %s to /dev", path);
> -
> -    if (mount(path, "/dev", NULL, MS_MOVE, NULL) < 0) {

I wonder if we used  MS_BIND instead of MS_MOVE would we avoid the
problem completely, and thus not need to move this code around ?

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

More information about the libvir-list mailing list