[libvirt] [PATCH] LXC: don't try to mount selinux filesystem when user namespace enabled
Gao feng
gaofeng at cn.fujitsu.com
Thu Sep 12 03:51:31 UTC 2013
Right now we mount selinuxfs even when user namespace is enabled and
ignore the error. But we shouldn't ignore these errors when user
namespace is not enabled.
This patch skips mounting selinuxfs when user namespace is enabled.
Signed-off-by: Gao feng <gaofeng at cn.fujitsu.com>
---
src/lxc/lxc_container.c | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index 661ac52..84b1b57 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -797,7 +797,7 @@ static int lxcContainerMountBasicFS(bool userns_enabled)
#if WITH_SELINUX
if (STREQ(mnts[i].src, SELINUX_MOUNT) &&
- !is_selinux_enabled())
+ (!is_selinux_enabled() || userns_enabled))
continue;
#endif
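Review bot: the new `|| userns_enabled` term in the SELINUX_MOUNT check has no comment, so a reader of lxcContainerMountBasicFS cannot tell why a user namespace should suppress the selinuxfs mount on a host where is_selinux_enabled() is true. Please add a short comment above the condition stating that the mount fails inside a user namespace (the case the commit message describes), and consider a VIR_DEBUG on the skip path so the log shows that selinuxfs was deliberately left out rather than silently missing.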
@@ -814,12 +814,6 @@ static int lxcContainerMountBasicFS(bool userns_enabled)
VIR_DEBUG("Mount %s on %s type=%s flags=%x, opts=%s",
srcpath, mnts[i].dst, mnts[i].type, mnts[i].mflags, mnts[i].opts);
if (mount(srcpath, mnts[i].dst, mnts[i].type, mnts[i].mflags, mnts[i].opts) < 0) {
-#if WITH_SELINUX
- if (STREQ(mnts[i].src, SELINUX_MOUNT) &&
- (errno == EINVAL || errno == EPERM))
- continue;
-#endif
-
virReportSystemError(errno,
_("Failed to mount %s on %s type %s flags=%x opts=%s"),
srcpath, mnts[i].dst, NULLSTR(mnts[i].type),
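Review bot: the removed check after the failed mount() tolerated EINVAL and EPERM for SELINUX_MOUNT regardless of userns_enabled, so dropping it makes those two errnos fatal for every container without a user namespace, not only the userns case covered by the first hunk. The commit message asserts this is the desired behaviour but does not say whether EINVAL or EPERM could occur on an SELinux-enabled host without user namespaces; please confirm that in the message, since a container that started before with the error ignored will now fail at virReportSystemError.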
--
1.8.3.1