[libvirt] [PATCH 2/2] Ensure root filesystem is recursively mounted readonly

Gao feng gaofeng at cn.fujitsu.com
Wed Sep 11 08:15:06 UTC 2013


On 09/10/2013 08:46 PM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange at redhat.com>
> 
> If the guest is configured with
> 
>     <filesystem type='mount'>
>       <source dir='/'/>
>       <target dir='/'/>
>       <readonly/>
>     </filesystem>
> 
> Then any submounts under / should also end up readonly, except
> for those set up as basic mounts, e.g. if the user has /home on a
> separate volume, they'd expect /home to be readonly, but we
> should not touch the /sys, /proc, etc. dirs we set up ourselves.
> 
> Users can selectively make sub-mounts read-write again by
> simply listing them as new mounts without the <readonly>
> flag set:
> 
>     <filesystem type='mount'>
>       <source dir='/home'/>
>       <target dir='/home'/>
>     </filesystem>
> 
> Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
> ---
>  src/lxc/lxc_container.c | 90 +++++++++++++++++++++++++++++++++++++++++++++++--
>  1 file changed, 88 insertions(+), 2 deletions(-)
> 
> diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
> index d51cdc4..38d95b0 100644
> --- a/src/lxc/lxc_container.c
> +++ b/src/lxc/lxc_container.c
> @@ -532,7 +532,6 @@ static int lxcContainerGetSubtree(const char *prefix,
>      }
>  
>      while (getmntent_r(procmnt, &mntent, mntbuf, sizeof(mntbuf)) != NULL) {
> -        VIR_DEBUG("Got %s", mntent.mnt_dir);
>          if (!STRPREFIX(mntent.mnt_dir, prefix))
>              continue;
>  
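Review bot: the removal of `VIR_DEBUG("Got %s", mntent.mnt_dir);` in lxcContainerGetSubtree is unrelated to the readonly change and is not mentioned in the commit message; either note it there or split the debug-line removals into a separate cleanup patch so this one reviews on its own.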
> @@ -541,7 +540,6 @@ static int lxcContainerGetSubtree(const char *prefix,
>          if (VIR_STRDUP(mounts[nmounts], mntent.mnt_dir) < 0)
>              goto cleanup;
>          nmounts++;
> -        VIR_DEBUG("Grabbed %s", mntent.mnt_dir);
>      }
>  
>      if (mounts)
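Review bot: dropping `VIR_DEBUG("Grabbed %s", mntent.mnt_dir);` is likewise unrelated cleanup that the commit message does not describe; it belongs in its own patch, or at least deserves a line in the commit message explaining why the debug output in lxcContainerGetSubtree is no longer wanted.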
> @@ -779,6 +777,76 @@ static const virLXCBasicMountInfo lxcBasicMounts[] = {
>  };
>  
>  
> +static bool lxcIsBasicMountLocation(const char *path)
> +{
> +    size_t i;
> +
> +    for (i = 0; i < ARRAY_CARDINALITY(lxcBasicMounts); i++) {
> +        if (STRPREFIX(path, lxcBasicMounts[i].dst))
> +            return true;
> +    }
> +
> +    return false;
> +}
> +
> +
> +static int lxcContainerSetReadOnly(virDomainFSDefPtr root)
> +{
> +    FILE *procmnt;
> +    struct mntent mntent;
> +    char mntbuf[1024];
> +    int ret = -1;
> +    char **mounts = NULL;
> +    size_t nmounts = 0;
> +    size_t i;
> +
> +    VIR_DEBUG("root=%s", root->src);
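Review bot: lxcIsBasicMountLocation decides with a bare `STRPREFIX(path, lxcBasicMounts[i].dst)` and no path-boundary check, so any user mount whose name merely starts with a basic mount's destination (for example a separate volume at /sysroot next to /sys, or /procdata next to /proc) is classified as a basic mount and skipped, leaving it writable under a root that was declared readonly. After the prefix match, also require `path[strlen(lxcBasicMounts[i].dst)]` to be `'\0'` or `'/'` before returning true.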


Seems root is only used for a debug message?

The other looks good to me.

ACK
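To show why the prefix test in lxcIsBasicMountLocation matters, here is an added example (not code from the patch or from libvirt) that compares a plain prefix match, as STRPREFIX does, with a path-boundary-aware match over a constructed subset of basic mount destinations and some constructed mount points; the list and the sample mounts are assumptions, not libvirt's real table.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the .dst fields of lxcBasicMounts[] (hypothetical subset). */
static const char *basic_mounts[] = { "/dev", "/dev/pts", "/proc", "/sys", "/selinux" };
#define NBASIC (sizeof(basic_mounts) / sizeof(basic_mounts[0]))

/* Plain prefix test, equivalent to STRPREFIX(path, dst) in the patch. */
bool basic_mount_prefix_only(const char *path)
{
    for (size_t i = 0; i < NBASIC; i++)
        if (strncmp(path, basic_mounts[i], strlen(basic_mounts[i])) == 0)
            return true;
    return false;
}

/* Boundary-aware test: path must equal dst or continue with '/' right after it,
 * so "/sys/fs/cgroup" counts as under "/sys" but "/sysroot" does not. */
bool basic_mount_path_aware(const char *path)
{
    for (size_t i = 0; i < NBASIC; i++) {
        size_t n = strlen(basic_mounts[i]);
        if (strncmp(path, basic_mounts[i], n) == 0 &&
            (path[n] == '\0' || path[n] == '/'))
            return true;
    }
    return false;
}

int main(void)
{
    /* Constructed mount points shaped like mntent.mnt_dir values; not real data. */
    const char *mounts[] = { "/home", "/proc", "/sys/fs/cgroup", "/sysroot", "/procdata", "/dev/shm" };
    printf("%-16s %-12s %s\n", "mount", "prefix-only", "path-aware");
    for (size_t i = 0; i < sizeof(mounts) / sizeof(mounts[0]); i++)
        printf("%-16s %-12s %s\n", mounts[i],
               basic_mount_prefix_only(mounts[i]) ? "skip" : "remount ro",
               basic_mount_path_aware(mounts[i]) ? "skip" : "remount ro");
    return 0;
}
```

With the prefix-only test, /sysroot and /procdata are skipped and stay writable; the boundary-aware test remounts them readonly while still skipping /proc, /sys/fs/cgroup and /dev/shm.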
