[libvirt] [PATCH] LXC: Improved check before mounting securityfs
Gao feng
gaofeng at cn.fujitsu.com
Mon Oct 7 10:47:04 UTC 2013
On 10/07/2013 05:52 PM, Bogdan Purcareata wrote:
> Securityfs kernel support may not be available on all platforms
> running libvirt containers. Since securityfs receives special
> handling in the context of user namespaces, make an additional
> check to see if it is supported, by inspecting /proc/filesystems.
>
> Making this check for all lxcBasicMounts is a bit tedious, since
> the /proc filesystem is first unmounted from host, so the
> /proc/filesystems list should be saved before unmounting, to be
> available at all times. However, checks for the support for /proc
> or /sys are superfluous.
>
> In the long run, to support the addition of new filesystems in
> lxcBasicMounts, an additional "optional" flag should be introduced,
> to mark that for a specific filesystem, the code should first check
> for support in the kernel, before mounting it. For mandatory
> filesystems, if mounting them fails, creating the container fails.
>
> Right now, check for support only for securityfs, since right now
> it is the only special case.
>
> Signed-off-by: Bogdan Purcareata <bogdan.purcareata at freescale.com>
> ---
> src/lxc/lxc_container.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++++-
> 1 file changed, 68 insertions(+), 1 deletion(-)
>
Ok, I know what's wrong, please check my patch.
If you think it's good, please add your Acked-by or Reviewed-by
More information about the libvir-list
mailing list