[libvirt] [PATCH 2/2] Ensure root filesystem is recursively mounted readonly
Eric Blake
eblake at redhat.com
Thu Sep 12 02:26:15 UTC 2013
On 09/10/2013 06:46 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange at redhat.com>
>
> If the guest is configured with
>
> <filesystem type='mount'>
> <source dir='/'/>
> <target dir='/'/>
> <readonly/>
> </filesystem>
>
> Then any submounts under / should also end up readonly, except
> for those setup as basic mounts. eg if the user has /home on a
> separate volume, they'd expect /home to be readonly, but we
> should not touch the /sys, /proc, etc dirs we setup ourselves.
>
> Users can selectively make sub-mounts read-write again by
> simply listing them as new mounts without the <readonly>
> flag set
>
> <filesystem type='mount'>
> <source dir='/home'/>
> <target dir='/home'/>
> </filesystem>
>
> Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
> ---
> src/lxc/lxc_container.c | 90 +++++++++++++++++++++++++++++++++++++++++++++++--
> 1 file changed, 88 insertions(+), 2 deletions(-)
>
> diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
> index d51cdc4..38d95b0 100644
> --- a/src/lxc/lxc_container.c
> +++ b/src/lxc/lxc_container.c
> @@ -532,7 +532,6 @@ static int lxcContainerGetSubtree(const char *prefix,
> }
>
> while (getmntent_r(procmnt, &mntent, mntbuf, sizeof(mntbuf)) != NULL) {
> - VIR_DEBUG("Got %s", mntent.mnt_dir);
> if (!STRPREFIX(mntent.mnt_dir, prefix))
> continue;
>
> @@ -541,7 +540,6 @@ static int lxcContainerGetSubtree(const char *prefix,
> if (VIR_STRDUP(mounts[nmounts], mntent.mnt_dir) < 0)
> goto cleanup;
> nmounts++;
> - VIR_DEBUG("Grabbed %s", mntent.mnt_dir);
> }
>
> if (mounts)
> @@ -779,6 +777,76 @@ static const virLXCBasicMountInfo lxcBasicMounts[] = {
> };
>
>
> +static bool lxcIsBasicMountLocation(const char *path)
> +{
> + size_t i;
> +
> + for (i = 0; i < ARRAY_CARDINALITY(lxcBasicMounts); i++) {
> + if (STRPREFIX(path, lxcBasicMounts[i].dst))
> + return true;
This will still have false positives. If I create a bind mount at
/sys/fs, then STRPREFIX("/sys/fs", "/sys" will return true, even though
it's not the basic mount. Likewise, if I create a mount at /system, it
will return true. Don't you want STREQ rather than STRPREFIX?
> +
> + while (getmntent_r(procmnt, &mntent, mntbuf, sizeof(mntbuf)) != NULL) {
> + if (STREQ(mntent.mnt_dir, "/") ||
> + STREQ(mntent.mnt_dir, "/.oldroot") ||
> + STRPREFIX(mntent.mnt_dir, "/.oldroot/") ||
> + lxcIsBasicMountLocation(mntent.mnt_dir))
> + continue;
This part looks okay, though.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 621 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20130911/a3b1b649/attachment-0001.sig>
More information about the libvir-list
mailing list