vz should check whether it is being called from inside a container

Apollon Oikonomopoulos Mon, 20 Sep 2010 07:09:16 -0700

Package: vzctl
Version: 3.0.22-14
Severity: normal
Tags: patch

Hi,


/etc/init.d/vz currently only checks for the presence of /proc/vz to
determine whether it should run or not. However, /proc/vz actually
exists inside the containers as well, and as such is not a sufficient
check. If /etc/init.d/vz is present inside a container, then its stop
action will attempt to unmount the container's root filesystem, failing
and in turn killing all processes inside the container
(/etc/init.d/vz:453). This also makes it impossible to uninstall the
vzctl package from a container without editing the initscript directly.

Thus, instead of checking for the presence of /proc/vz, the
initscript should (additionally or instead) check for the presence of
some VE0-only feature, such as /dev/vzctl or /proc/vz/version.

Attached is a patch additionally checking for the presence of
/dev/vzctl and calling check_kernel() before stop_ves().

Thanks

-- System Information:
Debian Release: 5.0.6
  APT prefers stable
  APT policy: (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-openvz-686 (SMP w/8 CPU cores)
Locale: LANG=el_GR.UTF-8, LC_CTYPE=el_GR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages vzctl depends on:
ii  iproute                     20080725-2   networking and traffic control too
ii  libc6                       2.7-18lenny4 GNU C Library: Shared libraries
ii  vzquota                     3.0.11-1     server virtualization solution - q

Versions of packages vzctl recommends:
ii  rsync                         3.0.3-2    fast remote file copy program (lik

Versions of packages vzctl suggests:
pn  linux-patch-openvz            <none>     (no description available)

-- no debconf information

--- etc/init.d/vz.orig	2010-09-20 16:37:44.000000000 +0300
+++ etc/init.d/vz	2010-09-20 16:37:52.000000000 +0300
@@ -166,6 +166,9 @@
 	if ! test -d /proc/vz ; then
 		print_failure "Running kernel is not OpenVZ kernel."
 		exit 1
+	elif ! test -c /dev/vzctl ; then
+		print_failure "Running kernel is OpenVZ, but we are inside a container."
+		exit 1
 	fi
 }
 
@@ -553,6 +556,8 @@
 {
 	local mod
 
+	check_kernel
+
 	if ! lockfile $LOCKFILE; then
 		__echo "OpenVZ is locked"
 		print_failure

Bug#597522: vzctl: /etc/init.d/vz should check whether it is being called from inside a container

Reply via email to