The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/1706
This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list.

=== Description (from pull-request) ===

If we want to mount a readonly rootfs, LXC calls mount() only once in the function `dir_mount`, to do the bind mount with the ro mount flag. But because of the behavior of the Linux kernel regarding bind mounts it ignores the MS_RDONLY flag and the bind mount stays writable. ["kernel bug #24912"](https://bugzilla.kernel.org/show_bug.cgi?id=24912)

Changing mount options requires a second mount() with the MS_REMOUNT flag. LXC should therefore handle this case by doing the rootfs mount in two steps:

1. bind mounting the rootfs
2. re-mount with MS_REMOUNT | MS_BIND | MS_RDONLY

This patch will resolve issue #1702 and #570.

Signed-off-by: Li Feng <[email protected]>
From 0a693043fb54b2433e0936a2f69f3179e7591613 Mon Sep 17 00:00:00 2001 From: Li Feng <[email protected]> Date: Mon, 17 Jul 2017 17:09:16 +0800 Subject: [PATCH] Fix issue #1702, do remount with the MS_REMOUNT flag when mounts with MS_RDONLY Signed-off-by: Li Feng <[email protected]> --- src/lxc/bdev/lxcdir.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/lxc/bdev/lxcdir.c b/src/lxc/bdev/lxcdir.c index 652d7e08f..0778df1cc 100644 --- a/src/lxc/bdev/lxcdir.c +++ b/src/lxc/bdev/lxcdir.c @@ -151,6 +151,12 @@ int dir_mount(struct bdev *bdev) src = lxc_storage_get_path(bdev->src, bdev->type); ret = mount(src, bdev->dest, "bind", MS_BIND | MS_REC | mntflags, mntdata); + if ((0 == ret) && (mntflags & MS_RDONLY)) { + DEBUG("remounting %s on %s with readonly options", + src ? src : "(none)", bdev->dest ? bdev->dest : "(none)"); + ret = mount(src, bdev->dest, "bind", MS_BIND | MS_REC | mntflags | MS_REMOUNT, mntdata); + } + free(mntdata); return ret; }
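Review bot: When the added second mount() fails, dir_mount returns non-zero but the bind mount created by the first call is left in place and still writable, and the only log line is the DEBUG emitted before the call. Log the failure at error level with the errno and unmount bdev->dest before returning, so a rootfs requested read-only is never left mounted read-write. The remount also passes MS_REC and mntdata, whereas the description gives the flags as MS_REMOUNT | MS_BIND | MS_RDONLY; MS_REC has no effect on a bind remount, so submounts brought in by the recursive bind keep their own writable state, which deserves a comment in the code. Finally, the NULL guards on src and bdev->dest in the DEBUG call come after both pointers were already handed to mount(), so they can be dropped.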
_______________________________________________ lxc-devel mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-devel
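The outcome of the two-step mount described in the pull request can be verified from the per-mount options in /proc/self/mountinfo. The C below is an added example, not code from the pull request or from LXC; the function names, the /mnt/rootfs path and the sample mountinfo text are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in /proc/self/mountinfo format (not from a real host).
 * Field 5 is the mount point, field 6 the per-mount options; the options
 * after " - " belong to the superblock and stay "rw" for a read-only bind. */
static const char SAMPLE[] =
    "100 60 8:1 /var/lib/c1 /mnt/rootfs ro,relatime shared:1 - ext4 /dev/sda1 rw\n"
    "101 100 0:40 / /mnt/rootfs/data rw,relatime - tmpfs tmpfs rw\n"
    "102 60 8:1 /srv /mnt/rootfs-other rw,relatime - ext4 /dev/sda1 rw\n";

/* Return 1 if the comma-separated option list contains exactly `name`. */
static int has_opt(const char *opts, const char *name)
{
    size_t n = strlen(name);
    while (*opts) {
        size_t len = strcspn(opts, ",");
        if (len == n && strncmp(opts, name, n) == 0)
            return 1;
        opts += len;
        if (*opts == ',')
            opts++;
    }
    return 0;
}

/* Return 1 if `path` is `root` itself or lies below it. */
static int is_under(const char *path, const char *root)
{
    size_t n = strlen(root);
    return strncmp(path, root, n) == 0 && (path[n] == '\0' || path[n] == '/');
}

/* Count mounts at or below `root` whose per-mount options lack "ro". */
int count_writable_under(const char *mountinfo, const char *root)
{
    char mp[256], opts[256];
    int writable = 0;
    const char *line = mountinfo;
    while (*line) {
        if (*line != '\n' &&
            sscanf(line, "%*d %*d %*s %*s %255s %255s", mp, opts) == 2 &&
            is_under(mp, root) && !has_opt(opts, "ro"))
            writable++;
        line += strcspn(line, "\n");   /* advance to the end of this line */
        if (*line == '\n')
            line++;
    }
    return writable;
}
```

In the sample, the rootfs bind mount itself is read-only, but the tmpfs submount below it is still reported as writable.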
