[libvirt] [PATCH] LXC: securityfs: the src of securityfs should be /sys/kernel/security
Daniel P. Berrange
berrange at redhat.com
Mon Oct 7 10:51:55 UTC 2013
On Mon, Oct 07, 2013 at 06:48:18PM +0800, Gao feng wrote:
> Otherwise we can't know if securityfs is avaiabled.
>
> Signed-off-by: Gao feng <gaofeng at cn.fujitsu.com>
> ---
> src/lxc/lxc_container.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
> index b1f429c..a15ce59 100644
> --- a/src/lxc/lxc_container.c
> +++ b/src/lxc/lxc_container.c
> @@ -768,8 +768,8 @@ static const virLXCBasicMountInfo lxcBasicMounts[] = {
> { "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
> { "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV },
> { "sysfs", "/sys", "sysfs", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
> - { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV },
> - { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
> + { "/sys/kernel/security", "/sys/kernel/security", "securityfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV },
> + { "/sys/kernel/security", "/sys/kernel/security", "securityfs", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
> #if WITH_SELINUX
> { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV },
> { SELINUX_MOUNT, SELINUX_MOUNT, NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY },
Huh, this isn't right. If this has any functional effect, then it is
merely exposing a bug somewhere else. The 'src' is just an opaque
string for psuedo filesystems like securityfs that shouldn't have any
functional effect.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list