[libvirt] [PATCH v2 2/2] LXC: don't unmount mounts for shared root

Daniel P. Berrange berrange at redhat.com
Tue Nov 26 16:48:21 UTC 2013


On Wed, Nov 20, 2013 at 10:11:09AM +0800, Gao feng wrote:
> Also after commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942
> vfs: Lock in place mounts from more privileged users,
> 
> an unprivileged user has no rights to umount the mounts that
> are inherited from the parent mountns.
> 
> Right now, I have no good idea to fix this problem, we need
> to do more research. This patch just skips unmounting these
> mounts for shared root.
> 
> BTW, I think when libvirt lxc enables user namespace, the
> configuration that shares root with host is very rare.
> 
> Signed-off-by: Gao feng <gaofeng at cn.fujitsu.com>
> ---
>  src/lxc/lxc_container.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
> index 3d9b491..fbce8e8 100644
> --- a/src/lxc/lxc_container.c
> +++ b/src/lxc/lxc_container.c
> @@ -1664,7 +1664,9 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef,
>      if (lxcContainerPivotRoot(root) < 0)
>          goto cleanup;
>  
> -    if (STREQ(root->src, "/") &&
> +    /* FIXME: we should find a way to unmount these mounts for container
> +     * even user namespace is enabled. */
> +    if (STREQ(root->src, "/") && (!vmDef->idmap.nuidmap) &&
>          lxcContainerUnmountForSharedRoot(stateDir, vmDef->name) < 0)
>          goto cleanup;
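Review bot: the new FIXME comment above the condition says only that the unmounting should be fixed, not why it is skipped; the reason is the kernel change cited in the commit message (commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942, "vfs: Lock in place mounts from more privileged users"), so reference it in the comment, e.g. `/* FIXME: since kernel commit 5ff9d8a65ce8 ("vfs: Lock in place mounts from more privileged users") an unprivileged user namespace cannot unmount mounts inherited from the parent mountns, so skip this when an idmap is configured. */`, and fix the wording ("even when a user namespace is enabled"). Also note that the guard tests only `vmDef->idmap.nuidmap`; if a domain config can carry gid mappings without uid mappings, the unmount would still be attempted inside a user namespace, so either confirm that combination is rejected at parse time or test the gid map count as well.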

ACK, this sucks but we have no choice for now. Fortunately not unmounting
these things isn't really harmful - just clutter in /proc/mounts.


Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
