The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/1725

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Signed-off-by: Christian Brauner <[email protected]>
From 1ae3c19f4775a4a124d39c99f21674bb4ab53440 Mon Sep 17 00:00:00 2001
From: Christian Brauner <[email protected]>
Date: Tue, 1 Aug 2017 22:00:44 +0200
Subject: [PATCH 01/18] conf: mount_file_entries()

non-functional changes

Signed-off-by: Christian Brauner <[email protected]>
---
 src/lxc/conf.c | 32 ++++++++++++--------------------
 1 file changed, 12 insertions(+), 20 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 25d29c20a..016114b83 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1989,35 +1989,27 @@ static int mount_entry_on_relative_rootfs(struct mntent 
*mntent,
 }
 
 static int mount_file_entries(const struct lxc_rootfs *rootfs, FILE *file,
-       const char *lxc_name, const char *lxc_path)
+                             const char *lxc_name, const char *lxc_path)
 {
        struct mntent mntent;
        char buf[4096];
        int ret = -1;
 
        while (getmntent_r(file, &mntent, buf, sizeof(buf))) {
-
-               if (!rootfs->path) {
-                       if (mount_entry_on_systemfs(&mntent))
-                               goto out;
-                       continue;
-               }
-
-               /* We have a separate root, mounts are relative to it */
-               if (mntent.mnt_dir[0] != '/') {
-                       if (mount_entry_on_relative_rootfs(&mntent, rootfs, 
lxc_name, lxc_path))
-                               goto out;
-                       continue;
-               }
-
-               if (mount_entry_on_absolute_rootfs(&mntent, rootfs, lxc_name, 
lxc_path))
-                       goto out;
+               if (!rootfs->path)
+                       ret = mount_entry_on_systemfs(&mntent);
+               else if (mntent.mnt_dir[0] != '/')
+                       ret = mount_entry_on_relative_rootfs(&mntent, rootfs,
+                                                            lxc_name, 
lxc_path);
+               else
+                       ret = mount_entry_on_absolute_rootfs(&mntent, rootfs,
+                                                            lxc_name, 
lxc_path);
+               if (ret < 0)
+                       return -1;
        }
-
        ret = 0;
 
-       INFO("mount points have been setup");
-out:
+       INFO("Set up mount entries");
        return ret;
 }
 

From 42dff448189dc26970eaf6ad4c4f6e5acd0b8aa4 Mon Sep 17 00:00:00 2001
From: Christian Brauner <[email protected]>
Date: Tue, 1 Aug 2017 22:03:14 +0200
Subject: [PATCH 02/18] conf: setup_mount()

non-functional changes

Signed-off-by: Christian Brauner <[email protected]>
---
 src/lxc/conf.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 016114b83..e301a72a5 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2014,23 +2014,25 @@ static int mount_file_entries(const struct lxc_rootfs 
*rootfs, FILE *file,
 }
 
 static int setup_mount(const struct lxc_rootfs *rootfs, const char *fstab,
-       const char *lxc_name, const char *lxc_path)
+                      const char *lxc_name, const char *lxc_path)
 {
-       FILE *file;
+       FILE *f;
        int ret;
 
        if (!fstab)
                return 0;
 
-       file = setmntent(fstab, "r");
-       if (!file) {
-               SYSERROR("failed to use '%s'", fstab);
+       f = setmntent(fstab, "r");
+       if (!f) {
+               SYSERROR("Failed to open \"%s\"", fstab);
                return -1;
        }
 
-       ret = mount_file_entries(rootfs, file, lxc_name, lxc_path);
+       ret = mount_file_entries(rootfs, f, lxc_name, lxc_path);
+       if (ret < 0)
+               ERROR("Failed to set up mount entries");
 
-       endmntent(file);
+       endmntent(f);
        return ret;
 }
 

From 6bd0414042858ccaa5ab2ea6169b411bff9258f9 Mon Sep 17 00:00:00 2001
From: Christian Brauner <[email protected]>
Date: Tue, 1 Aug 2017 22:07:10 +0200
Subject: [PATCH 03/18] conf: make_anonymous_mount_file()

non-functional changes

Signed-off-by: Christian Brauner <[email protected]>
---
 src/lxc/conf.c | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index e301a72a5..dd2b28cae 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2041,39 +2041,42 @@ FILE *make_anonymous_mount_file(struct lxc_list *mount)
        int ret;
        char *mount_entry;
        struct lxc_list *iterator;
-       FILE *file;
+       FILE *f;
        int fd = -1;
 
        fd = memfd_create("lxc_mount_file", MFD_CLOEXEC);
        if (fd < 0) {
                if (errno != ENOSYS)
                        return NULL;
-               file = tmpfile();
+               f = tmpfile();
+               TRACE("Created temporary mount file");
        } else {
-               file = fdopen(fd, "r+");
+               f = fdopen(fd, "r+");
+               TRACE("Created anonymous mount file");
        }
 
-       if (!file) {
-               int saved_errno = errno;
+       if (!f) {
+               SYSERROR("Could not create mount file");
                if (fd != -1)
                        close(fd);
-               ERROR("Could not create mount entry file: %s.", 
strerror(saved_errno));
                return NULL;
        }
 
        lxc_list_for_each(iterator, mount) {
                mount_entry = iterator->elem;
-               ret = fprintf(file, "%s\n", mount_entry);
+               ret = fprintf(f, "%s\n", mount_entry);
                if (ret < strlen(mount_entry))
-                       WARN("Could not write mount entry to anonymous mount 
file.");
+                       WARN("Could not write mount entry to mount file");
        }
 
-       if (fseek(file, 0, SEEK_SET) < 0) {
-               fclose(file);
+       ret = fseek(f, 0, SEEK_SET);
+       if (ret < 0) {
+               SYSERROR("Failed to seek mount file");
+               fclose(f);
                return NULL;
        }
 
-       return file;
+       return f;
 }
 
 static int setup_mount_entries(const struct lxc_rootfs *rootfs,
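Review bot: The write check `if (ret < strlen(mount_entry))` in the `lxc_list_for_each` loop compares an `int` with a `size_t`, so a negative return from `fprintf()` is converted to a large unsigned value and the warning is skipped exactly when the write failed. Use `if (ret < 0 || (size_t)ret < strlen(mount_entry))`, and consider returning an error instead of only warning, since a mount file that silently lacks entries means the container starts without mounts its configuration asked for. The two new `TRACE()` calls also run before `f` is checked, so they report a file as created even when `tmpfile()` or `fdopen()` returned NULL. They also sit between the failing call and `SYSERROR()`, which presumably reports `errno`; moving them after the `!f` check avoids both problems. The opening lines of `make_anonymous_mount_file()` are outside the hunk.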

From 19b5d7557baeb0483da26521f41ddb57b8dc8d78 Mon Sep 17 00:00:00 2001
From: Christian Brauner <[email protected]>
Date: Tue, 1 Aug 2017 22:11:32 +0200
Subject: [PATCH 04/18] conf: setup_mount_entries()

non-functional changes

Signed-off-by: Christian Brauner <[email protected]>
---
 src/lxc/conf.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index dd2b28cae..2ee050265 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2083,16 +2083,16 @@ static int setup_mount_entries(const struct lxc_rootfs 
*rootfs,
                               struct lxc_list *mount, const char *lxc_name,
                               const char *lxc_path)
 {
-       FILE *file;
+       FILE *f;
        int ret;
 
-       file = make_anonymous_mount_file(mount);
-       if (!file)
+       f = make_anonymous_mount_file(mount);
+       if (!f)
                return -1;
 
-       ret = mount_file_entries(rootfs, file, lxc_name, lxc_path);
+       ret = mount_file_entries(rootfs, f, lxc_name, lxc_path);
 
-       fclose(file);
+       fclose(f);
        return ret;
 }
 

From bdd2b34c4147b663ffa6dc62089233d11e6ec66e Mon Sep 17 00:00:00 2001
From: Christian Brauner <[email protected]>
Date: Tue, 1 Aug 2017 22:14:48 +0200
Subject: [PATCH 05/18] conf: mount_entry_on_absolute_rootfs()

non-functional changes

Signed-off-by: Christian Brauner <[email protected]>
---
 src/lxc/conf.c | 28 ++++++++++++----------------
 1 file changed, 12 insertions(+), 16 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 2ee050265..ce9507e99 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1927,21 +1927,21 @@ static int mount_entry_on_absolute_rootfs(struct mntent 
*mntent,
                                          const char *lxc_name,
                                          const char *lxc_path)
 {
+       int offset;
        char *aux;
-       char path[MAXPATHLEN];
-       int r, ret = 0, offset;
        const char *lxcpath;
+       char path[MAXPATHLEN];
+       int ret = 0;
 
        lxcpath = lxc_global_config_value("lxc.lxcpath");
-       if (!lxcpath) {
-               ERROR("Out of memory");
+       if (!lxcpath)
                return -1;
-       }
 
-       /* if rootfs->path is a blockdev path, allow container fstab to
-        * use $lxcpath/CN/rootfs as the target prefix */
-       r = snprintf(path, MAXPATHLEN, "%s/%s/rootfs", lxcpath, lxc_name);
-       if (r < 0 || r >= MAXPATHLEN)
+       /* If rootfs->path is a blockdev path, allow container fstab to use
+        * <lxcpath>/<name>/rootfs" as the target prefix.
+        */
+       ret = snprintf(path, MAXPATHLEN, "%s/%s/rootfs", lxcpath, lxc_name);
+       if (ret < 0 || ret >= MAXPATHLEN)
                goto skipvarlib;
 
        aux = strstr(mntent->mnt_dir, path);
@@ -1953,19 +1953,15 @@ static int mount_entry_on_absolute_rootfs(struct mntent 
*mntent,
 skipvarlib:
        aux = strstr(mntent->mnt_dir, rootfs->path);
        if (!aux) {
-               WARN("ignoring mount point '%s'", mntent->mnt_dir);
+               WARN("Ignoring mount point \"%s\"", mntent->mnt_dir);
                return ret;
        }
        offset = strlen(rootfs->path);
 
 skipabs:
-
-       r = snprintf(path, MAXPATHLEN, "%s/%s", rootfs->mount,
-                aux + offset);
-       if (r < 0 || r >= MAXPATHLEN) {
-               WARN("pathnme too long for '%s'", mntent->mnt_dir);
+       ret = snprintf(path, MAXPATHLEN, "%s/%s", rootfs->mount, aux + offset);
+       if (ret < 0 || ret >= MAXPATHLEN)
                return -1;
-       }
 
        return mount_entry_on_generic(mntent, path, rootfs, lxc_name, lxc_path);
 }
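Review bot: `return ret;` in the `if (!aux)` branch under `skipvarlib:` no longer returns 0, because `ret` now also holds the result of the first `snprintf()`. Unless the lines between the two hunks reset it, an ignored mount point returns the formatted length, or a negative or over-long value when the jump to `skipvarlib` was taken, whereas the old code kept `ret` at 0 by using a separate `r`. That is a behaviour change in a commit described as non-functional; `return 0;` there keeps the old contract. The removed `WARN` for an over-long path also leaves the `return -1` after `skipabs:` without any log line, as does the matching removal in `mount_entry_on_systemfs()` in patch 06.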

From 07667a6a1858f76af981d9cca707bce6a2b5d2d9 Mon Sep 17 00:00:00 2001
From: Christian Brauner <[email protected]>
Date: Tue, 1 Aug 2017 22:15:56 +0200
Subject: [PATCH 06/18] conf: mount_entry_on_systemfs()

non-functional changes

Signed-off-by: Christian Brauner <[email protected]>
---
 src/lxc/conf.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index ce9507e99..f9ed38c33 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1904,20 +1904,18 @@ static inline int mount_entry_on_generic(struct mntent 
*mntent,
 
 static inline int mount_entry_on_systemfs(struct mntent *mntent)
 {
-       char path[MAXPATHLEN];
        int ret;
+       char path[MAXPATHLEN];
 
        /* For containers created without a rootfs all mounts are treated as
-        * absolute paths starting at / on the host. */
+        * absolute paths starting at / on the host.
+        */
        if (mntent->mnt_dir[0] != '/')
                ret = snprintf(path, sizeof(path), "/%s", mntent->mnt_dir);
        else
                ret = snprintf(path, sizeof(path), "%s", mntent->mnt_dir);
-
-       if (ret < 0 || ret >= sizeof(path)) {
-               ERROR("path name too long");
+       if (ret < 0 || ret >= sizeof(path))
                return -1;
-       }
 
        return mount_entry_on_generic(mntent, path, NULL, NULL, NULL);
 }

From d8b712bc61cb06f808bbf0d77da210c24eba8af8 Mon Sep 17 00:00:00 2001
From: Christian Brauner <[email protected]>
Date: Tue, 1 Aug 2017 22:18:38 +0200
Subject: [PATCH 07/18] conf: mount_entry_on_generic()

non-functional changes

Signed-off-by: Christian Brauner <[email protected]>
---
 src/lxc/conf.c | 32 +++++++++++++++++++-------------
 1 file changed, 19 insertions(+), 13 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index f9ed38c33..c5c056cb7 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1870,30 +1870,36 @@ static int mount_entry_create_dir_file(const struct 
mntent *mntent,
 /* rootfs, lxc_name, and lxc_path can be NULL when the container is created
  * without a rootfs. */
 static inline int mount_entry_on_generic(struct mntent *mntent,
-                 const char* path, const struct lxc_rootfs *rootfs,
-                const char *lxc_name, const char *lxc_path)
+                                        const char *path,
+                                        const struct lxc_rootfs *rootfs,
+                                        const char *lxc_name,
+                                        const char *lxc_path)
 {
+       int ret;
        unsigned long mntflags;
        char *mntdata;
-       int ret;
-       bool optional = hasmntopt(mntent, "optional") != NULL;
-       bool dev = hasmntopt(mntent, "dev") != NULL;
-
+       bool dev, optional;
        char *rootfs_path = NULL;
+
+       optional = hasmntopt(mntent, "optional") != NULL;
+       dev = hasmntopt(mntent, "dev") != NULL;
+
        if (rootfs && rootfs->path)
                rootfs_path = rootfs->mount;
 
-       ret = mount_entry_create_dir_file(mntent, path, rootfs, lxc_name, 
lxc_path);
-
-       if (ret < 0)
-               return optional ? 0 : -1;
+       ret = mount_entry_create_dir_file(mntent, path, rootfs, lxc_name,
+                                         lxc_path);
+       if (ret < 0) {
+               if (optional)
+                       return 0;
 
+               return -1;
+       }
        cull_mntent_opt(mntent);
 
-       if (parse_mntopts(mntent->mnt_opts, &mntflags, &mntdata) < 0) {
-               free(mntdata);
+       ret = parse_mntopts(mntent->mnt_opts, &mntflags, &mntdata);
+       if (ret < 0)
                return -1;
-       }
 
        ret = mount_entry(mntent->mnt_fsname, path, mntent->mnt_type, mntflags,
                          mntdata, optional, dev, rootfs_path);
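Review bot: Dropping `free(mntdata)` on the `parse_mntopts()` failure path is only safe if that function never returns a negative value after it has allocated `*mntdata`; its body is not in this hunk, so this needs confirming. `mntdata` is also declared without an initializer, so the robust shape is `char *mntdata = NULL;` at the declaration and keeping `free(mntdata);` before `return -1;`, which is correct whichever way `parse_mntopts()` behaves. The end of `mount_entry_on_generic()` is outside the hunk.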

From 2c4edd7d755e0bbe9660f074a6b62eda82dd76fe Mon Sep 17 00:00:00 2001
From: Christian Brauner <[email protected]>
Date: Tue, 1 Aug 2017 22:35:29 +0200
Subject: [PATCH 08/18] conf: mount_entry_create_dir_file()

bugfixes

Signed-off-by: Christian Brauner <[email protected]>
---
 src/lxc/conf.c | 64 +++++++++++++++++++++++++++++++++-------------------------
 1 file changed, 36 insertions(+), 28 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index c5c056cb7..aaf43ec56 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1827,44 +1827,52 @@ static void cull_mntent_opt(struct mntent *mntent)
 }
 
 static int mount_entry_create_dir_file(const struct mntent *mntent,
-                                      const char* path, const struct 
lxc_rootfs *rootfs,
-                                      const char *lxc_name, const char 
*lxc_path)
+                                      const char *path,
+                                      const struct lxc_rootfs *rootfs,
+                                      const char *lxc_name,
+                                      const char *lxc_path)
 {
-       char *pathdirname = NULL;
-       int ret = 0;
-       FILE *pathfile = NULL;
+       int ret;
 
-       if (strncmp(mntent->mnt_type, "overlay", 7) == 0) {
-               if (ovl_mkdir(mntent, rootfs, lxc_name, lxc_path) < 0)
-                       return -1;
-       } else if (strncmp(mntent->mnt_type, "aufs", 4) == 0) {
-               if (aufs_mkdir(mntent, rootfs, lxc_name, lxc_path) < 0)
-                       return -1;
-       }
+       if (!strncmp(mntent->mnt_type, "overlay", 7))
+               ret = ovl_mkdir(mntent, rootfs, lxc_name, lxc_path);
+       else if (!strncmp(mntent->mnt_type, "aufs", 4))
+               ret = aufs_mkdir(mntent, rootfs, lxc_name, lxc_path);
+       if (ret < 0)
+               return -1;
 
        if (hasmntopt(mntent, "create=dir")) {
-               if (mkdir_p(path, 0755) < 0) {
-                       WARN("Failed to create mount target '%s'", path);
-                       ret = -1;
+               ret = mkdir_p(path, 0755);
+               if (ret < 0 && errno != EEXIST) {
+                       SYSERROR("Failed to create directory \"%s\"", path);
+                       return -1;
                }
        }
 
        if (hasmntopt(mntent, "create=file") && access(path, F_OK)) {
-               pathdirname = strdup(path);
-               pathdirname = dirname(pathdirname);
-               if (mkdir_p(pathdirname, 0755) < 0) {
-                       WARN("Failed to create target directory");
-               }
-               pathfile = fopen(path, "wb");
-               if (!pathfile) {
-                       WARN("Failed to create mount target '%s'", path);
-                       ret = -1;
-               } else {
-                       fclose(pathfile);
+               int fd;
+               char *p1, *p2;
+
+               p1 = strdup(path);
+               if (!p1)
+                       return -1;
+
+               p2 = dirname(p1);
+
+               ret = mkdir_p(p2, 0755);
+               free(p1);
+               if (ret < 0 && errno != EEXIST) {
+                       SYSERROR("Failed to create directory \"%s\"", path);
+                       return -1;
                }
+
+               fd = open(path, O_CREAT, 0644);
+               if (fd < 0)
+                       return -1;
+               close(fd);
        }
-       free(pathdirname);
-       return ret;
+
+       return 0;
 }
 
 /* rootfs, lxc_name, and lxc_path can be NULL when the container is created
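Review bot: `int ret;` is now uninitialized, and when `mnt_type` is neither "overlay" nor "aufs" the following `if (ret < 0)` reads it before any assignment, which is undefined behaviour and can make ordinary mount entries fail unpredictably. Declare it as `int ret = 0;`. In the `create=file` branch, `free(p1)` runs between `mkdir_p()` and the `errno != EEXIST` test, and `free()` is not guaranteed to preserve `errno` on every libc, so save `errno` first or free after the check. `open(path, O_CREAT, 0644)` should also pass `O_CLOEXEC`, and the bare `return -1` after it should log like the other failure paths.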

From 6b9293de1089d45de0bb53cc30209956faff1238 Mon Sep 17 00:00:00 2001
From: Christian Brauner <[email protected]>
Date: Tue, 1 Aug 2017 22:38:44 +0200
Subject: [PATCH 09/18] conf: cull_mntent_opt()

non-functional changes

Signed-off-by: Christian Brauner <[email protected]>
---
 src/lxc/conf.c | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index aaf43ec56..f31ab7fd8 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1801,28 +1801,27 @@ static int mount_entry(const char *fsname, const char 
*target,
        return 0;
 }
 
-/*
- * Remove 'optional', 'create=dir', and 'create=file' from mntopt
- */
+/* Remove "optional", "create=dir", and "create=file" from mntopt */
 static void cull_mntent_opt(struct mntent *mntent)
 {
        int i;
-       char *p, *p2;
-       char *list[] = {"create=dir",
-                       "create=file",
-                       "optional",
-                       NULL };
-
-       for (i=0; list[i]; i++) {
-               if (!(p = strstr(mntent->mnt_opts, list[i])))
+       char *list[] = {"create=dir", "create=file", "optional", NULL};
+
+       for (i = 0; list[i]; i++) {
+               char *p, *p2;
+
+               p = strstr(mntent->mnt_opts, list[i]);
+               if (!p)
                        continue;
+
                p2 = strchr(p, ',');
                if (!p2) {
                        /* no more mntopts, so just chop it here */
                        *p = '\0';
                        continue;
                }
-               memmove(p, p2+1, strlen(p2+1)+1);
+
+               memmove(p, p2 + 1, strlen(p2 + 1) + 1);
        }
 }
 
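Review bot: `strstr(mntent->mnt_opts, list[i])` matches the keyword anywhere in the option string, including inside another option's value (for example a path that happens to contain `optional`), and the removal then cuts that option apart. The match should be accepted only on a whole comma-delimited token, i.e. the hit starts at the beginning of `mnt_opts` or right after a `,` and ends at a `,` or the terminating NUL. When the matched keyword is the last option, `*p = '\0'` also leaves the preceding comma in place, so the string handed on ends in `,`. Both predate this commit, but the loop is being rewritten here.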

From 012149866b392fa9b4057a113d9ada14e59a1a5d Mon Sep 17 00:00:00 2001
From: Christian Brauner <[email protected]>
Date: Tue, 1 Aug 2017 22:46:14 +0200
Subject: [PATCH 10/18] conf: mount_entry()

non-functional changes

Signed-off-by: Christian Brauner <[email protected]>
---
 src/lxc/conf.c | 68 +++++++++++++++++++++++++++++++++++-----------------------
 1 file changed, 41 insertions(+), 27 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index f31ab7fd8..69626fbd4 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1726,77 +1726,91 @@ static char *get_field(char *src, int nfields)
 
 static int mount_entry(const char *fsname, const char *target,
                       const char *fstype, unsigned long mountflags,
-                      const char *data, int optional, int dev, const char 
*rootfs)
+                      const char *data, int optional, int dev,
+                      const char *rootfs)
 {
+       int ret;
 #ifdef HAVE_STATVFS
        struct statvfs sb;
 #endif
 
-       if (safe_mount(fsname, target, fstype, mountflags & ~MS_REMOUNT, data, 
rootfs)) {
+       ret = safe_mount(fsname, target, fstype, mountflags & ~MS_REMOUNT, data,
+                        rootfs);
+       if (ret < 0) {
                if (optional) {
-                       INFO("failed to mount '%s' on '%s' (optional): %s", 
fsname,
-                            target, strerror(errno));
+                       INFO("Failed to mount \"%s\" on \"%s\" (optional): %s",
+                            fsname, target, strerror(errno));
                        return 0;
                }
-               else {
-                       SYSERROR("failed to mount '%s' on '%s'", fsname, 
target);
-                       return -1;
-               }
+
+               SYSERROR("Failed to mount \"%s\" on \"%s\"", fsname, target);
+               return -1;
        }
 
        if ((mountflags & MS_REMOUNT) || (mountflags & MS_BIND)) {
-               DEBUG("remounting %s on %s to respect bind or remount options",
-                     fsname ? fsname : "(none)", target ? target : "(none)");
                unsigned long rqd_flags = 0;
+
+               DEBUG("Remounting \"%s\" on \"%s\" to respect bind or remount "
+                     "options",
+                     fsname ? fsname : "(none)", target ? target : "(none)");
+
                if (mountflags & MS_RDONLY)
                        rqd_flags |= MS_RDONLY;
 #ifdef HAVE_STATVFS
                if (statvfs(fsname, &sb) == 0) {
                        unsigned long required_flags = rqd_flags;
+
                        if (sb.f_flag & MS_NOSUID)
                                required_flags |= MS_NOSUID;
+
                        if (sb.f_flag & MS_NODEV && !dev)
                                required_flags |= MS_NODEV;
+
                        if (sb.f_flag & MS_RDONLY)
                                required_flags |= MS_RDONLY;
+
                        if (sb.f_flag & MS_NOEXEC)
                                required_flags |= MS_NOEXEC;
-                       DEBUG("(at remount) flags for %s was %lu, required 
extra flags are %lu", fsname, sb.f_flag, required_flags);
-                       /*
-                        * If this was a bind mount request, and required_flags
+
+                       DEBUG("Flags for \"%s\" were %lu, required extra flags "
+                             "are %lu", fsname, sb.f_flag, required_flags);
+
+                       /* If this was a bind mount request, and required_flags
                         * does not have any flags which are not already in
-                        * mountflags, then skip the remount
+                        * mountflags, then skip the remount.
                         */
                        if (!(mountflags & MS_REMOUNT)) {
-                               if (!(required_flags & ~mountflags) && 
rqd_flags == 0) {
-                                       DEBUG("mountflags already was %lu, 
skipping remount",
-                                               mountflags);
+                               if (!(required_flags & ~mountflags) &&
+                                   rqd_flags == 0) {
+                                       DEBUG("Mountflags already were %lu, "
+                                             "skipping remount", mountflags);
                                        goto skipremount;
                                }
                        }
+
                        mountflags |= required_flags;
                }
 #endif
 
-               if (mount(fsname, target, fstype,
-                         mountflags | MS_REMOUNT, data) < 0) {
+               ret = mount(fsname, target, fstype, mountflags | MS_REMOUNT, 
data);
+               if (ret < 0) {
                        if (optional) {
-                               INFO("failed to mount '%s' on '%s' (optional): 
%s",
-                                        fsname, target, strerror(errno));
+                               INFO("Failed to mount \"%s\" on \"%s\" "
+                                    "(optional): %s", fsname, target,
+                                    strerror(errno));
                                return 0;
                        }
-                       else {
-                               SYSERROR("failed to mount '%s' on '%s'",
-                                        fsname, target);
-                               return -1;
-                       }
+
+                       SYSERROR("Failed to mount \"%s\" on \"%s\"", fsname, 
target);
+                       return -1;
                }
        }
 
 #ifdef HAVE_STATVFS
 skipremount:
 #endif
-       DEBUG("mounted '%s' on '%s', type '%s'", fsname, target, fstype);
+       DEBUG("Mounted \"%s\" on \"%s\" with filesystem type \"%s\"", fsname,
+             target, fstype);
 
        return 0;
 }
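Review bot: `fsname` and `target` are NULL-guarded only in the remount `DEBUG()` call (`fsname ? fsname : "(none)"`), while the `INFO()`, `SYSERROR()` and final `DEBUG()` calls in the same function pass them straight to `%s`. If they can be NULL, as that guard implies, the unguarded calls are undefined behaviour; apply the same guard everywhere or compute the guarded names once at the top of `mount_entry()`. The `safe_mount()` check also changed from "non-zero" to `ret < 0`, which is a behaviour change if `safe_mount()` can return a positive value; its definition is not visible here.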

From e63d43ec9228ac2922d85754383c663be4c35728 Mon Sep 17 00:00:00 2001
From: Christian Brauner <[email protected]>
Date: Tue, 1 Aug 2017 22:48:06 +0200
Subject: [PATCH 11/18] conf: lxchook_names

non-functional changes

Signed-off-by: Christian Brauner <[email protected]>
---
 src/lxc/conf.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 69626fbd4..d62fbb1d7 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -234,8 +234,9 @@ static int memfd_create(const char *name, unsigned int 
flags) {
 extern int memfd_create(const char *name, unsigned int flags);
 #endif
 
-char *lxchook_names[NUM_LXC_HOOKS] = {
-       "pre-start", "pre-mount", "mount", "autodev", "start", "stop", 
"post-stop", "clone", "destroy" };
+char *lxchook_names[NUM_LXC_HOOKS] = {"pre-start", "pre-mount", "mount",
+                                     "autodev",   "start",     "stop",
+                                     "post-stop", "clone",     "destroy"};
 
 typedef int (*instantiate_cb)(struct lxc_handler *, struct lxc_netdev *);
 

From 7e2f935053916be31486b95e55814775e847bbb5 Mon Sep 17 00:00:00 2001
From: Christian Brauner <[email protected]>
Date: Tue, 1 Aug 2017 22:54:09 +0200
Subject: [PATCH 12/18] conf: mount_autodev()

non-functional changes

Signed-off-by: Christian Brauner <[email protected]>
---
 src/lxc/conf.c | 36 +++++++++++++++++-------------------
 1 file changed, 17 insertions(+), 19 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index d62fbb1d7..91fcfc192 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1035,58 +1035,56 @@ static int setup_rootfs_pivot_root(const char *rootfs)
        return -1;
 }
 
-/*
- * Just create a path for /dev under $lxcpath/$name and in rootfs
- * If we hit an error, log it but don't fail yet.
+/* Just create a path for /dev under $lxcpath/$name and in rootfs If we hit an
+ * error, log it but don't fail yet.
  */
-static int mount_autodev(const char *name, const struct lxc_rootfs *rootfs, 
const char *lxcpath)
+static int mount_autodev(const char *name, const struct lxc_rootfs *rootfs,
+                        const char *lxcpath)
 {
        int ret;
        size_t clen;
        char *path;
 
-       INFO("Mounting container /dev");
+       INFO("Preparing \"/dev\"");
 
        /* $(rootfs->mount) + "/dev/pts" + '\0' */
        clen = (rootfs->path ? strlen(rootfs->mount) : 0) + 9;
        path = alloca(clen);
 
        ret = snprintf(path, clen, "%s/dev", rootfs->path ? rootfs->mount : "");
-       if (ret < 0 || ret >= clen)
+       if (ret < 0 || (size_t)ret >= clen)
                return -1;
 
        if (!dir_exists(path)) {
-               WARN("No /dev in container.");
-               WARN("Proceeding without autodev setup");
+               WARN("\"/dev\" directory does not exist. Proceeding without "
+                    "autodev being set up");
                return 0;
        }
 
        ret = safe_mount("none", path, "tmpfs", 0, "size=500000,mode=755",
-                       rootfs->path ? rootfs->mount : NULL);
-       if (ret != 0) {
-               SYSERROR("Failed mounting tmpfs onto %s\n", path);
+                        rootfs->path ? rootfs->mount : NULL);
+       if (ret < 0) {
+               SYSERROR("Failed to mount tmpfs on \"%s\"", path);
                return -1;
        }
-
-       INFO("Mounted tmpfs onto %s",  path);
+       INFO("Mounted tmpfs on \"%s\"", path);
 
        ret = snprintf(path, clen, "%s/dev/pts", rootfs->path ? rootfs->mount : 
"");
-       if (ret < 0 || ret >= clen)
+       if (ret < 0 || (size_t)ret >= clen)
                return -1;
 
-       /*
-        * If we are running on a devtmpfs mapping, dev/pts may already exist.
+       /* If we are running on a devtmpfs mapping, dev/pts may already exist.
         * If not, then create it and exit if that fails...
         */
        if (!dir_exists(path)) {
                ret = mkdir(path, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | 
S_IXOTH);
-               if (ret) {
-                       SYSERROR("Failed to create /dev/pts in container");
+               if (ret < 0) {
+                       SYSERROR("Failed to create directory \"%s\"", path);
                        return -1;
                }
        }
 
-       INFO("Mounted container /dev");
+       INFO("Prepared \"/dev\"");
        return 0;
 }
 
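Review bot: The rewritten header comment lost its sentence break (`... and in rootfs If we hit an error ...`) and does not match the body, which returns -1 on every failure rather than logging and continuing. Suggested text: `/* Mount a tmpfs on /dev below the rootfs and make sure /dev/pts exists. Returns 0 on success or when /dev is missing, -1 on error. */`. The `mkdir()` that follows `dir_exists()` can also fail with EEXIST if the directory appears in between; treating `errno == EEXIST` as success there would make that benign.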

From b23c8311984403dd6704bb5fccdb6c1bc95f8903 Mon Sep 17 00:00:00 2001
From: Christian Brauner <[email protected]>
Date: Tue, 1 Aug 2017 23:23:24 +0200
Subject: [PATCH 13/18] utils: add has_fs_type() + is_fs_type()

Signed-off-by: Christian Brauner <[email protected]>
---
 src/lxc/utils.c | 22 ++++++++++++++++++++++
 src/lxc/utils.h |  6 ++++++
 2 files changed, 28 insertions(+)

diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index f89c837d5..88692035f 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -2384,3 +2384,25 @@ void *must_realloc(void *orig, size_t sz)
 
        return ret;
 }
+
+bool is_fs_type(const struct statfs *fs, fs_type_magic magic_val)
+{
+       return (fs->f_type == (fs_type_magic)magic_val);
+}
+
+bool has_fs_type(const char *path, fs_type_magic magic_val)
+{
+       bool has_type;
+       int ret;
+       struct statfs sb;
+
+       ret = statfs(path, &sb);
+       if (ret < 0)
+               return false;
+
+       has_type = is_fs_type(&sb, magic_val);
+       if (!has_type && magic_val == RAMFS_MAGIC)
+               WARN("When the ramfs it a tmpfs statfs() might report tmpfs");
+
+       return has_type;
+}
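Review bot: The `WARN()` in `has_fs_type()` fires on every negative `RAMFS_MAGIC` check, not only when a tmpfs was actually seen, and its text has a typo; `WARN("When the ramfs is a tmpfs statfs() might report tmpfs");` fixes the wording. The function also returns false both when `statfs()` fails and when the type differs, so a caller cannot tell "not this filesystem" from "could not check". Logging the `statfs()` failure, or documenting that false includes the error case, would make that explicit. `RAMFS_MAGIC` is used here, but `<linux/magic.h>` is only added to utils.h in patch 14, so unless utils.c already pulls it in elsewhere this commit may not build on its own. The cast in `(fs_type_magic)magic_val` is redundant because the parameter already has that type.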
diff --git a/src/lxc/utils.h b/src/lxc/utils.h
index 3465e6a6f..addfb7a05 100644
--- a/src/lxc/utils.h
+++ b/src/lxc/utils.h
@@ -36,6 +36,7 @@
 #include <linux/loop.h>
 #include <sys/syscall.h>
 #include <sys/types.h>
+#include <sys/vfs.h>
 
 #include "initutils.h"
 
@@ -386,4 +387,9 @@ char *must_copy_string(const char *entry);
 /* Re-alllocate a pointer, do not fail */
 void *must_realloc(void *orig, size_t sz);
 
+/* __typeof__ should be safe to use with all compilers. */
+typedef __typeof__(((struct statfs *)NULL)->f_type) fs_type_magic;
+bool has_fs_type(const char *path, fs_type_magic magic_val);
+bool is_fs_type(const struct statfs *fs, fs_type_magic magic_val);
+
 #endif /* __LXC_UTILS_H */

From 33f0def278fc16de304b86b58fd9508eaeccd11f Mon Sep 17 00:00:00 2001
From: Christian Brauner <[email protected]>
Date: Tue, 1 Aug 2017 23:33:43 +0200
Subject: [PATCH 14/18] utils: switch to has_fs_type()

Signed-off-by: Christian Brauner <[email protected]>
---
 src/lxc/utils.c | 23 ++++++++++++-----------
 src/lxc/utils.h |  1 +
 2 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index 88692035f..d3b0fdc5d 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -42,7 +42,6 @@
 #include <sys/prctl.h>
 #include <sys/stat.h>
 #include <sys/types.h>
-#include <sys/vfs.h>
 #include <sys/wait.h>
 
 #include "log.h"
@@ -183,22 +182,24 @@ static int _recursive_rmdir(char *dirname, dev_t pdev,
        return failed ? -1 : 0;
 }
 
-/* we have two different magic values for overlayfs, yay */
+/* We have two different magic values for overlayfs, yay. */
+#ifndef OVERLAYFS_SUPER_MAGIC
 #define OVERLAYFS_SUPER_MAGIC 0x794c764f
+#endif
+
+#ifndef OVERLAY_SUPER_MAGIC
 #define OVERLAY_SUPER_MAGIC 0x794c7630
-/*
- * In overlayfs, st_dev is unreliable.  so on overlayfs we don't do
- * the lxc_rmdir_onedev()
+#endif
+
+/* In overlayfs, st_dev is unreliable. So on overlayfs we don't do the
+ * lxc_rmdir_onedev()
  */
 static bool is_native_overlayfs(const char *path)
 {
-       struct statfs sb;
-
-       if (statfs(path, &sb) < 0)
-               return false;
-       if (sb.f_type == OVERLAYFS_SUPER_MAGIC ||
-                       sb.f_type == OVERLAY_SUPER_MAGIC)
+       if (has_fs_type(path, OVERLAY_SUPER_MAGIC) ||
+           has_fs_type(path, OVERLAYFS_SUPER_MAGIC))
                return true;
+
        return false;
 }
 
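Review bot: `is_native_overlayfs()` now calls `statfs()` twice on the same path, once per `has_fs_type()` call, where the old code did a single lookup. Besides the extra syscall, the two answers can describe different filesystems if something is mounted on or swapped under `path` between the calls. Per the comment above the function, the result decides whether the one-device check in the recursive removal is skipped. Doing one `statfs()` and testing both magics with `is_fs_type()` keeps the single-lookup behaviour.

```c
static bool is_native_overlayfs(const char *path)
{
	struct statfs sb;

	if (statfs(path, &sb) < 0)
		return false;

	return is_fs_type(&sb, OVERLAY_SUPER_MAGIC) ||
	       is_fs_type(&sb, OVERLAYFS_SUPER_MAGIC);
}
```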
diff --git a/src/lxc/utils.h b/src/lxc/utils.h
index addfb7a05..fc0e5c01c 100644
--- a/src/lxc/utils.h
+++ b/src/lxc/utils.h
@@ -34,6 +34,7 @@
 #include <stdbool.h>
 #include <unistd.h>
 #include <linux/loop.h>
+#include <linux/magic.h>
 #include <sys/syscall.h>
 #include <sys/types.h>
 #include <sys/vfs.h>

From 8e6edb8ba5c8812a04e6cb1d0c6eeda04bacd8d4 Mon Sep 17 00:00:00 2001
From: Christian Brauner <[email protected]>
Date: Tue, 1 Aug 2017 23:34:50 +0200
Subject: [PATCH 15/18] conf: lxc_fill_autodev()

non-functional changes

Signed-off-by: Christian Brauner <[email protected]>
---
 src/lxc/conf.c | 34 +++++++++++++++++++++-------------
 1 file changed, 21 insertions(+), 13 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 91fcfc192..9e6671575 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1111,29 +1111,30 @@ static int lxc_fill_autodev(const struct lxc_rootfs 
*rootfs)
        int i;
        mode_t cmask;
 
-       ret = snprintf(path, MAXPATHLEN, "%s/dev", rootfs->path ? rootfs->mount 
: "");
-       if (ret < 0 || ret >= MAXPATHLEN) {
-               ERROR("Error calculating container /dev location");
+       ret = snprintf(path, MAXPATHLEN, "%s/dev",
+                      rootfs->path ? rootfs->mount : "");
+       if (ret < 0 || ret >= MAXPATHLEN)
                return -1;
-       }
 
        /* ignore, just don't try to fill in */
        if (!dir_exists(path))
                return 0;
 
-       INFO("populating container /dev");
+       INFO("Populating \"/dev\"");
+
        cmask = umask(S_IXUSR | S_IXGRP | S_IXOTH);
        for (i = 0; i < sizeof(lxc_devs) / sizeof(lxc_devs[0]); i++) {
                const struct lxc_devs *d = &lxc_devs[i];
 
-               ret = snprintf(path, MAXPATHLEN, "%s/dev/%s", rootfs->path ? 
rootfs->mount : "", d->name);
+               ret = snprintf(path, MAXPATHLEN, "%s/dev/%s",
+                              rootfs->path ? rootfs->mount : "", d->name);
                if (ret < 0 || ret >= MAXPATHLEN)
                        return -1;
 
                ret = mknod(path, d->mode, makedev(d->maj, d->min));
                if (ret < 0) {
-                       char hostpath[MAXPATHLEN];
                        FILE *pathfile;
+                       char hostpath[MAXPATHLEN];
 
                        if (errno == EEXIST) {
                                DEBUG("\"%s\" device already existed", path);
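Review bot: Every `return -1` inside the loop leaves the process umask at `S_IXUSR | S_IXGRP | S_IXOTH`, because `umask(cmask)` is reached only after the loop completes; this covers the `snprintf()` check here and the `fopen()`/`safe_mount()` failures in the next hunk. That mask clears only execute bits, so anything created afterwards on a failure path is not protected against group/other write unless the caller resets it. Restoring it with `umask(cmask);` before each `return -1;`, or through a single cleanup label, avoids that. Separately, the commit is labelled non-functional but drops `ERROR("Error calculating container /dev location")`, so a truncated path now fails silently. `lxc_fill_autodev()` starts above this hunk.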
@@ -1146,24 +1147,31 @@ static int lxc_fill_autodev(const struct lxc_rootfs 
*rootfs)
                        ret = snprintf(hostpath, MAXPATHLEN, "/dev/%s", 
d->name);
                        if (ret < 0 || ret >= MAXPATHLEN)
                                return -1;
+
                        pathfile = fopen(path, "wb");
                        if (!pathfile) {
-                               SYSERROR("Failed to create device mount target 
'%s'", path);
+                               SYSERROR("Failed to create file \"%s\"", path);
                                return -1;
                        }
                        fclose(pathfile);
-                       if (safe_mount(hostpath, path, 0, MS_BIND, NULL, 
rootfs->path ? rootfs->mount : NULL) != 0) {
-                               SYSERROR("Failed bind mounting device %s from 
host into container", d->name);
+
+                       ret = safe_mount(hostpath, path, 0, MS_BIND, NULL,
+                                        rootfs->path ? rootfs->mount : NULL);
+                       if (ret < 0) {
+                               SYSERROR("Failed to bind mount \"%s\" from "
+                                        "host into container",
+                                        d->name);
                                return -1;
                        }
-                       DEBUG("bind mounted \"%s\" onto \"%s\"", hostpath, 
path);
+                       DEBUG("Bind mounted \"%s\" onto \"%s\"", hostpath,
+                             path);
                } else {
-                       DEBUG("created device node \"%s\"", path);
+                       DEBUG("Created device node \"%s\"", path);
                }
        }
        umask(cmask);
 
-       INFO("populated container /dev");
+       INFO("Populated \"/dev\"");
        return 0;
 }
 
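Review bot: The `safe_mount()` check changed from `!= 0` to `ret < 0`, which is a behaviour change in a commit described as non-functional: a positive return was previously an error and is now treated as a successful bind mount. If `safe_mount()` only ever returns 0 or a negative value (its definition is not in this hunk) the two forms are equivalent, and a one-line comment saying so would settle it; otherwise keep `if (ret != 0)`.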

From 935267ec2d26fdf62216a92d2a72dc4c7b9cbfdd Mon Sep 17 00:00:00 2001
From: Christian Brauner <[email protected]>
Date: Sat, 29 Jul 2017 23:10:17 +0200
Subject: [PATCH 16/18] utils: rework lxc_deslashify()

Signed-off-by: Christian Brauner <[email protected]>
---
 src/lxc/criu.c             | 10 +++++++---
 src/lxc/utils.c            | 49 +++++++++++++++++++++++-----------------------
 src/lxc/utils.h            |  2 +-
 src/tests/lxc-test-utils.c | 44 ++++++++++++++++++++++-------------------
 4 files changed, 56 insertions(+), 49 deletions(-)

diff --git a/src/lxc/criu.c b/src/lxc/criu.c
index b1ab5d46e..245b06984 100644
--- a/src/lxc/criu.c
+++ b/src/lxc/criu.c
@@ -263,7 +263,7 @@ static void exec_criu(struct criu_opts *opts)
 
        for (i = 0; i < cgroup_num_hierarchies(); i++) {
                char **controllers = NULL, *fullname;
-               char *path;
+               char *path, *tmp;
 
                if (!cgroup_get_hierarchies(i, &controllers)) {
                        ERROR("failed to get hierarchy %d", i);
@@ -296,11 +296,15 @@ static void exec_criu(struct criu_opts *opts)
                        }
                }
 
-               if (!lxc_deslashify(&path)) {
-                       ERROR("failed to deslashify %s", path);
+               tmp = lxc_deslashify(path);
+               if (!tmp) {
+                       ERROR("Failed to remove extraneous slashes from \"%s\"",
+                             path);
                        free(path);
                        goto err;
                }
+               free(path);
+               path = tmp;
 
                fullname = lxc_string_join(",", (const char **) controllers, 
false);
                if (!fullname) {
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index d3b0fdc5d..d36107020 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -729,47 +729,46 @@ char **lxc_normalize_path(const char *path)
        return components;
 }
 
-bool lxc_deslashify(char **path)
+char *lxc_deslashify(const char *path)
 {
-       bool ret = false;
-       char *p;
+       char *dup, *p;
        char **parts = NULL;
        size_t n, len;
 
-       parts = lxc_normalize_path(*path);
-       if (!parts)
-               return false;
+       dup = strdup(path);
+       if (!dup)
+               return NULL;
+
+       parts = lxc_normalize_path(dup);
+       if (!parts) {
+               free(dup);
+               return NULL;
+       }
 
        /* We'll end up here if path == "///" or path == "". */
        if (!*parts) {
-               len = strlen(*path);
+               len = strlen(dup);
                if (!len) {
-                       ret = true;
-                       goto out;
+                       lxc_free_array((void **)parts, free);
+                       return dup;
                }
-               n = strcspn(*path, "/");
+               n = strcspn(dup, "/");
                if (n == len) {
+                       free(dup);
+                       lxc_free_array((void **)parts, free);
+
                        p = strdup("/");
                        if (!p)
-                               goto out;
-                       free(*path);
-                       *path = p;
-                       ret = true;
-                       goto out;
+                               return NULL;
+
+                       return p;
                }
        }
 
-       p = lxc_string_join("/", (const char **)parts, **path == '/');
-       if (!p)
-               goto out;
-
-       free(*path);
-       *path = p;
-       ret = true;
-
-out:
+       p = lxc_string_join("/", (const char **)parts, *dup == '/');
+       free(dup);
        lxc_free_array((void **)parts, free);
-       return ret;
+       return p;
 }
 
 char *lxc_append_paths(const char *first, const char *second)
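Review bot: The `n == len` branch does not match the comment above it: `strcspn(dup, "/")` equals `len` only when the string contains no slash at all, so `"///"` never takes this branch, while a slash-free input whose normalized component list is empty (possibly `"."`, depending on `lxc_normalize_path()`, which is not shown) would come back as `"/"`. If the intent is "the path consists only of slashes", the call should be `n = strspn(dup, "/");`. The logic is carried over from the old implementation, but the rework is a good place to fix it and add a test for a relative input. Also, `lxc_normalize_path()` takes `const char *`, so the up-front `strdup()` is only needed for the empty-string return.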
diff --git a/src/lxc/utils.h b/src/lxc/utils.h
index fc0e5c01c..4408c6d69 100644
--- a/src/lxc/utils.h
+++ b/src/lxc/utils.h
@@ -275,7 +275,7 @@ extern char *lxc_string_join(const char *sep, const char 
**parts, bool use_as_pr
  */
 extern char **lxc_normalize_path(const char *path);
 /* remove multiple slashes from the path, e.g. ///foo//bar -> /foo/bar */
-extern bool lxc_deslashify(char **path);
+extern char *lxc_deslashify(const char *path);
 extern char *lxc_append_paths(const char *first, const char *second);
 /* Note: the following two functions use strtok(), so they will never
  *       consider an empty element, even if two delimiters are next to
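Review bot: The comment above `lxc_deslashify()` still describes only the slash collapsing, while the new signature changes ownership: the input is no longer modified and the result is a newly allocated string. I would extend it, e.g. `/* Remove multiple slashes from the path, e.g. ///foo//bar -> /foo/bar. Returns a newly allocated string the caller must free, or NULL on failure. */`. Only the `criu.c` call site is converted in this patch, so it is worth confirming no other caller still passes a `char **`.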
diff --git a/src/tests/lxc-test-utils.c b/src/tests/lxc-test-utils.c
index 01d8cd6eb..aba7706ab 100644
--- a/src/tests/lxc-test-utils.c
+++ b/src/tests/lxc-test-utils.c
@@ -41,33 +41,37 @@
 
 void test_lxc_deslashify(void)
 {
-       char *s = strdup("/A///B//C/D/E/");
-       if (!s)
+       char *s = "/A///B//C/D/E/";
+       char *t;
+
+       t = lxc_deslashify(s);
+       if (!t)
                exit(EXIT_FAILURE);
-       lxc_test_assert_abort(lxc_deslashify(&s));
-       lxc_test_assert_abort(strcmp(s, "/A/B/C/D/E") == 0);
-       free(s);
+       lxc_test_assert_abort(strcmp(t, "/A/B/C/D/E") == 0);
+       free(t);
 
-       s = strdup("/A");
-       if (!s)
+       s = "/A";
+
+       t = lxc_deslashify(s);
+       if (!t)
                exit(EXIT_FAILURE);
-       lxc_test_assert_abort(lxc_deslashify(&s));
-       lxc_test_assert_abort(strcmp(s, "/A") == 0);
-       free(s);
+       lxc_test_assert_abort(strcmp(t, "/A") == 0);
+       free(t);
 
-       s = strdup("");
-       if (!s)
+       s = "";
+       t = lxc_deslashify(s);
+       if (!t)
                exit(EXIT_FAILURE);
-       lxc_test_assert_abort(lxc_deslashify(&s));
-       lxc_test_assert_abort(strcmp(s, "") == 0);
-       free(s);
+       lxc_test_assert_abort(strcmp(t, "") == 0);
+       free(t);
+
+       s = "//";
 
-       s = strdup("//");
-       if (!s)
+       t = lxc_deslashify(s);
+       if (!t)
                exit(EXIT_FAILURE);
-       lxc_test_assert_abort(lxc_deslashify(&s));
-       lxc_test_assert_abort(strcmp(s, "/") == 0);
-       free(s);
+       lxc_test_assert_abort(strcmp(t, "/") == 0);
+       free(t);
 }
 
 /* /proc/int_as_str/ns/mnt\0 = (5 + 21 + 7 + 1) */
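Review bot: `s` now points at string literals, so it should be declared `const char *s = "/A///B//C/D/E/";` to match the new `const char *` parameter and avoid a writable pointer to read-only storage. The four cases cover only absolute or empty inputs; a relative case such as `"A//B"` would pin the prefix handling in the reworked function.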

From 8321bfb6932d6a0c0e3d27763f1edb14f65dd354 Mon Sep 17 00:00:00 2001
From: Christian Brauner <[email protected]>
Date: Wed, 2 Aug 2017 01:28:35 +0200
Subject: [PATCH 17/18] conf: NOTICE() on mounts on container's /dev

Signed-off-by: Christian Brauner <[email protected]>
---
 src/lxc/conf.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 51 insertions(+), 7 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 9e6671575..350669a68 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2016,7 +2016,47 @@ static int mount_entry_on_relative_rootfs(struct mntent 
*mntent,
        return mount_entry_on_generic(mntent, path, rootfs, lxc_name, lxc_path);
 }
 
-static int mount_file_entries(const struct lxc_rootfs *rootfs, FILE *file,
+static void notice_on_conflict(const struct lxc_conf *conf, const char *src,
+                              const char *dest)
+{
+       char *clean_mnt_fsname, *clean_mnt_dir, *tmp;
+
+       clean_mnt_fsname = lxc_deslashify(src);
+       if (!clean_mnt_fsname)
+               return;
+
+       clean_mnt_dir = lxc_deslashify(dest);
+       if (!clean_mnt_dir) {
+               free(clean_mnt_fsname);
+               return;
+       }
+
+       tmp = clean_mnt_dir;
+       if (*tmp == '/')
+               tmp++;
+
+       if (strncmp(src, "/dev", 4) || strncmp(tmp, "dev", 3)) {
+               free(clean_mnt_dir);
+               free(clean_mnt_fsname);
+               return;
+       }
+
+       if (!conf->autodev && !conf->pts && !conf->tty &&
+           (!conf->console.path || !strcmp(conf->console.path, "none"))) {
+               free(clean_mnt_dir);
+               free(clean_mnt_fsname);
+               return;
+       }
+
+       NOTICE("Requesting to mount \"%s\" on \"%s\" while requesting "
+              "automatic device setup under \"/dev\"", clean_mnt_fsname,
+              clean_mnt_dir);
+       free(clean_mnt_dir);
+       free(clean_mnt_fsname);
+}
+
+static int mount_file_entries(const struct lxc_conf *conf,
+                             const struct lxc_rootfs *rootfs, FILE *file,
                              const char *lxc_name, const char *lxc_path)
 {
        struct mntent mntent;
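Review bot: The `/dev` test in `notice_on_conflict()` compares the raw `src` rather than `clean_mnt_fsname`, so a source written as `//dev/null` is cleaned for the message but never matches. Both `strncmp()` calls are also plain prefix matches that accept names such as `/devices` or `device`. Comparing the cleaned strings and requiring a component boundary fixes both, e.g. `strncmp(clean_mnt_fsname, "/dev", 4) || (clean_mnt_fsname[4] != '/' && clean_mnt_fsname[4] != '\0')`, with the same boundary check on `tmp`. The impact is limited to a missing or spurious NOTICE. The four duplicated `free()` pairs could collapse into one exit label.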
@@ -2024,6 +2064,8 @@ static int mount_file_entries(const struct lxc_rootfs 
*rootfs, FILE *file,
        int ret = -1;
 
        while (getmntent_r(file, &mntent, buf, sizeof(buf))) {
+               warn_on_conflict(conf, mntent.mnt_fsname, mntent.mnt_dir);
+
                if (!rootfs->path)
                        ret = mount_entry_on_systemfs(&mntent);
                else if (mntent.mnt_dir[0] != '/')
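Review bot: The loop calls `warn_on_conflict()`, but the helper added in the previous hunk is named `notice_on_conflict()`, and no `warn_on_conflict` is defined anywhere in this patch. Unless it exists elsewhere in `conf.c`, this is an implicit declaration followed by a link failure, and the static `notice_on_conflict()` is left unused; the call should read `notice_on_conflict(conf, mntent.mnt_fsname, mntent.mnt_dir);`. `mount_file_entries()` begins in the previous hunk and continues past this one.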
@@ -2041,7 +2083,8 @@ static int mount_file_entries(const struct lxc_rootfs 
*rootfs, FILE *file,
        return ret;
 }
 
-static int setup_mount(const struct lxc_rootfs *rootfs, const char *fstab,
+static int setup_mount(const struct lxc_conf *conf,
+                      const struct lxc_rootfs *rootfs, const char *fstab,
                       const char *lxc_name, const char *lxc_path)
 {
        FILE *f;
@@ -2056,7 +2099,7 @@ static int setup_mount(const struct lxc_rootfs *rootfs, 
const char *fstab,
                return -1;
        }
 
-       ret = mount_file_entries(rootfs, f, lxc_name, lxc_path);
+       ret = mount_file_entries(conf, rootfs, f, lxc_name, lxc_path);
        if (ret < 0)
                ERROR("Failed to set up mount entries");
 
@@ -2107,7 +2150,8 @@ FILE *make_anonymous_mount_file(struct lxc_list *mount)
        return f;
 }
 
-static int setup_mount_entries(const struct lxc_rootfs *rootfs,
+static int setup_mount_entries(const struct lxc_conf *conf,
+                              const struct lxc_rootfs *rootfs,
                               struct lxc_list *mount, const char *lxc_name,
                               const char *lxc_path)
 {
@@ -2118,7 +2162,7 @@ static int setup_mount_entries(const struct lxc_rootfs 
*rootfs,
        if (!f)
                return -1;
 
-       ret = mount_file_entries(rootfs, f, lxc_name, lxc_path);
+       ret = mount_file_entries(conf, rootfs, f, lxc_name, lxc_path);
 
        fclose(f);
        return ret;
@@ -4162,12 +4206,12 @@ int lxc_setup(struct lxc_handler *handler)
                return -1;
        }
 
-       if (setup_mount(&lxc_conf->rootfs, lxc_conf->fstab, name, lxcpath)) {
+       if (setup_mount(lxc_conf, &lxc_conf->rootfs, lxc_conf->fstab, name, 
lxcpath)) {
                ERROR("failed to setup the mounts for '%s'", name);
                return -1;
        }
 
-       if (!lxc_list_empty(&lxc_conf->mount_list) && 
setup_mount_entries(&lxc_conf->rootfs, &lxc_conf->mount_list, name, lxcpath)) {
+       if (!lxc_list_empty(&lxc_conf->mount_list) && 
setup_mount_entries(lxc_conf, &lxc_conf->rootfs, &lxc_conf->mount_list, name, 
lxcpath)) {
                ERROR("failed to setup the mount entries for '%s'", name);
                return -1;
        }

From 63b6cb712df3ac7cf8ce308f4a3f50bc05eefbab Mon Sep 17 00:00:00 2001
From: Christian Brauner <[email protected]>
Date: Wed, 2 Aug 2017 01:31:16 +0200
Subject: [PATCH 18/18] userns.conf: remove obsolete bind-mounts

Signed-off-by: Christian Brauner <[email protected]>
---
 config/templates/userns.conf.in | 8 --------
 1 file changed, 8 deletions(-)

diff --git a/config/templates/userns.conf.in b/config/templates/userns.conf.in
index b43d4f3db..be4fbbc6b 100644
--- a/config/templates/userns.conf.in
+++ b/config/templates/userns.conf.in
@@ -4,11 +4,3 @@ lxc.cgroup.devices.allow =
 
 # We can't move bind-mounts, so don't use /dev/lxc/
 lxc.tty.dir =
-
-# Extra bind-mounts for userns
-lxc.mount.entry = /dev/full dev/full none bind,create=file 0 0
-lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0
-lxc.mount.entry = /dev/random dev/random none bind,create=file 0 0
-lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0
-lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0
-lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0