External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-02-02 01:45:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Ensure we always setup a private mount namespace for LXC controller

Browse Source 
The code for setting up a private /dev/pts for the containers
is also responsible for making the LXC controller have a
private mount namespace. Unfortunately the /dev/pts code is
not run if launching a container without a custom root. This
causes the LXC FUSE mount to leak into the host FS.
This commit is contained in:
Daniel P. Berrange 2013-01-07 18:14:34 +00:00
parent 198c992d26
commit f0e4af91e4
1 changed files with 26 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
src/lxc/lxc_controller.c
View File

@ -1142,6 +1142,29 @@ cleanup:
}
static int
virLXCControllerSetupPrivateNS(void)
{
int ret = -1;
if (unshare(CLONE_NEWNS) < 0) {
virReportSystemError(errno, "%s",
_("Cannot unshare mount namespace"));
goto cleanup;
}
if (mount("", "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) {
virReportSystemError(errno, "%s",
_("Failed to switch root mount into slave mode"));
goto cleanup;
}
ret = 0;
cleanup:
return ret;
}
static int
virLXCControllerSetupDevPTS(virLXCControllerPtr ctrl)
{
@ -1193,18 +1216,6 @@ virLXCControllerSetupDevPTS(virLXCControllerPtr ctrl)
goto cleanup;
}
if (unshare(CLONE_NEWNS) < 0) {
virReportSystemError(errno, "%s",
_("Cannot unshare mount namespace"));
goto cleanup;
}
if (mount("", "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) {
virReportSystemError(errno, "%s",
_("Failed to switch root mount into slave mode"));
goto cleanup;
}
if (virAsprintf(&devpts, "%s/dev/pts", root->src) < 0 ||
virAsprintf(&ctrl->devptmx, "%s/dev/pts/ptmx", root->src) < 0) {
virReportOOMError();
@ -1408,6 +1419,9 @@ virLXCControllerRun(virLXCControllerPtr ctrl)
goto cleanup;
}
if (virLXCControllerSetupPrivateNS() < 0)
goto cleanup;
if (virLXCControllerSetupLoopDevices(ctrl) < 0)
goto cleanup;