From: Serge Hallyn <serge.hal...@ubuntu.com>
At the same time, allow lxc.mount.entry to specify an absolute target
path relative to /var/lib/lxc/CN/rootfs, even if rootfs is a blockdev.
Otherwise all such entries are ignored for blockdev-backed containers.
Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com>
---
src/lxc/conf.c | 48 +++++++++++++++++++++++++++++++----------
templates/lxc-debian.in | 4 ++--
templates/lxc-fedora.in | 6 +++---
templates/lxc-lenny.in | 4 ++--
templates/lxc-opensuse.in | 4 ++--
templates/lxc-sshd.in | 16 +++++++-------
templates/lxc-ubuntu-cloud.in | 4 ++--
templates/lxc-ubuntu.in | 4 ++--
8 files changed, 58 insertions(+), 32 deletions(-)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index b0ce92b..87f7adc 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1146,27 +1146,50 @@ static inline int mount_entry_on_systemfs(struct mntent
*mntent)
}
static int mount_entry_on_absolute_rootfs(struct mntent *mntent,
- const struct lxc_rootfs *rootfs)
+ const struct lxc_rootfs *rootfs,
+ const char *lxc_name)
{
char *aux;
char path[MAXPATHLEN];
unsigned long mntflags;
char *mntdata;
- int ret = 0;
+ int r, ret = 0, offset;
if (parse_mntopts(mntent->mnt_opts, &mntflags, &mntdata) < 0) {
ERROR("failed to parse mount option '%s'", mntent->mnt_opts);
return -1;
}
+ /* if rootfs->path is a blockdev path, allow container fstab to
+ * use /var/lib/lxc/CN/rootfs as the target prefix */
+ r = snprintf(path, MAXPATHLEN, "/var/lib/lxc/%s/rootfs", lxc_name);
+ if (r < 0 || r >= MAXPATHLEN)
+ goto skipvarlib;
+
+ aux = strstr(mntent->mnt_dir, path);
+ if (aux) {
+ offset = strlen(path);
+ goto skipabs;
+ }
+
+skipvarlib:
aux = strstr(mntent->mnt_dir, rootfs->path);
if (!aux) {
WARN("ignoring mount point '%s'", mntent->mnt_dir);
goto out;
}
+ offset = strlen(rootfs->path);
+
+skipabs:
snprintf(path, MAXPATHLEN, "%s/%s", rootfs->mount,
- aux + strlen(rootfs->path));
+ aux + offset);
+ if (r < 0 || r >= MAXPATHLEN) {
+ WARN("pathnme too long for '%s'", mntent->mnt_dir);
+ ret = -1;
+ goto out;
+ }
+
ret = mount_entry(mntent->mnt_fsname, path, mntent->mnt_type,
mntflags, mntdata);
@@ -1200,7 +1223,8 @@ static int mount_entry_on_relative_rootfs(struct mntent
*mntent,
return ret;
}
-static int mount_file_entries(const struct lxc_rootfs *rootfs, FILE *file)
+static int mount_file_entries(const struct lxc_rootfs *rootfs, FILE *file,
+ const char *lxc_name)
{
struct mntent *mntent;
int ret = -1;
@@ -1221,7 +1245,7 @@ static int mount_file_entries(const struct lxc_rootfs
*rootfs, FILE *file)
continue;
}
- if (mount_entry_on_absolute_rootfs(mntent, rootfs))
+ if (mount_entry_on_absolute_rootfs(mntent, rootfs, lxc_name))
goto out;
}
@@ -1232,7 +1256,8 @@ out:
return ret;
}
-static int setup_mount(const struct lxc_rootfs *rootfs, const char *fstab)
+static int setup_mount(const struct lxc_rootfs *rootfs, const char *fstab,
+ const char *lxc_name)
{
FILE *file;
int ret;
@@ -1246,13 +1271,14 @@ static int setup_mount(const struct lxc_rootfs *rootfs,
const char *fstab)
return -1;
}
- ret = mount_file_entries(rootfs, file);
+ ret = mount_file_entries(rootfs, file, lxc_name);
endmntent(file);
return ret;
}
-static int setup_mount_entries(const struct lxc_rootfs *rootfs, struct
lxc_list *mount)
+static int setup_mount_entries(const struct lxc_rootfs *rootfs, struct
lxc_list *mount,
+ const char *lxc_name)
{
FILE *file;
struct lxc_list *iterator;
@@ -1272,7 +1298,7 @@ static int setup_mount_entries(const struct lxc_rootfs
*rootfs, struct lxc_list
rewind(file);
- ret = mount_file_entries(rootfs, file);
+ ret = mount_file_entries(rootfs, file, lxc_name);
fclose(file);
return ret;
@@ -2051,12 +2077,12 @@ int lxc_setup(const char *name, struct lxc_conf
*lxc_conf)
return -1;
}
- if (setup_mount(&lxc_conf->rootfs, lxc_conf->fstab)) {
+ if (setup_mount(&lxc_conf->rootfs, lxc_conf->fstab, name)) {
ERROR("failed to setup the mounts for '%s'", name);
return -1;
}
- if (setup_mount_entries(&lxc_conf->rootfs, &lxc_conf->mount_list)) {
+ if (setup_mount_entries(&lxc_conf->rootfs, &lxc_conf->mount_list,
name)) {
ERROR("failed to setup the mount entries for '%s'", name);
return -1;
}
diff --git a/templates/lxc-debian.in b/templates/lxc-debian.in
index b97bbac..34d9593 100644
--- a/templates/lxc-debian.in
+++ b/templates/lxc-debian.in
@@ -212,8 +212,8 @@ lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 254:0 rwm
# mounts point
-lxc.mount.entry=proc $rootfs/proc proc nodev,noexec,nosuid 0 0
-lxc.mount.entry=sysfs $rootfs/sys sysfs defaults 0 0
+lxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0
+lxc.mount.entry=sysfs sys sysfs defaults 0 0
EOF
if [ $? -ne 0 ]; then
diff --git a/templates/lxc-fedora.in b/templates/lxc-fedora.in
index 3f50895..3aa2d73 100644
--- a/templates/lxc-fedora.in
+++ b/templates/lxc-fedora.in
@@ -263,9 +263,9 @@ lxc.cgroup.devices.allow = c 254:0 rwm
EOF
cat <<EOF > $config_path/fstab
-proc $rootfs_path/proc proc nodev,noexec,nosuid 0 0
-devpts $rootfs_path/dev/pts devpts defaults 0 0
-sysfs $rootfs_path/sys sysfs defaults 0 0
+proc proc proc nodev,noexec,nosuid 0 0
+devpts dev/pts devpts defaults 0 0
+sysfs sys sysfs defaults 0 0
EOF
if [ $? -ne 0 ]; then
echo "Failed to add configuration"
diff --git a/templates/lxc-lenny.in b/templates/lxc-lenny.in
index 3720dce..910c185 100644
--- a/templates/lxc-lenny.in
+++ b/templates/lxc-lenny.in
@@ -200,8 +200,8 @@ lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 254:0 rwm
# mounts point
-lxc.mount.entry=proc $rootfs/proc proc nodev,noexec,nosuid 0 0
-lxc.mount.entry=sysfs $rootfs/sys sysfs defaults 0 0
+lxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0
+lxc.mount.entry=sysfs sys sysfs defaults 0 0
EOF
if [ $? -ne 0 ]; then
diff --git a/templates/lxc-opensuse.in b/templates/lxc-opensuse.in
index 120b2c7..3d2e001 100644
--- a/templates/lxc-opensuse.in
+++ b/templates/lxc-opensuse.in
@@ -281,8 +281,8 @@ lxc.cgroup.devices.allow = c 254:0 rwm
EOF
cat <<EOF > $path/fstab
-proc $rootfs/proc proc nodev,noexec,nosuid 0 0
-sysfs $rootfs/sys sysfs defaults 0 0
+proc proc proc nodev,noexec,nosuid 0 0
+sysfs sys sysfs defaults 0 0
EOF
if [ $? -ne 0 ]; then
diff --git a/templates/lxc-sshd.in b/templates/lxc-sshd.in
index 749d08a..f0da30f 100644
--- a/templates/lxc-sshd.in
+++ b/templates/lxc-sshd.in
@@ -111,13 +111,13 @@ cat <<EOF >> $path/config
lxc.utsname = $name
lxc.pts = 1024
lxc.rootfs = $rootfs
-lxc.mount.entry=/dev $rootfs/dev none ro,bind 0 0
-lxc.mount.entry=/lib $rootfs/lib none ro,bind 0 0
-lxc.mount.entry=/bin $rootfs/bin none ro,bind 0 0
-lxc.mount.entry=/usr /$rootfs/usr none ro,bind 0 0
-lxc.mount.entry=/sbin $rootfs/sbin none ro,bind 0 0
-lxc.mount.entry=tmpfs $rootfs/var/run/sshd tmpfs mode=0644 0 0
-lxc.mount.entry=@LXCTEMPLATEDIR@/lxc-sshd $rootfs/sbin/init none bind 0 0
+lxc.mount.entry=/dev dev none ro,bind 0 0
+lxc.mount.entry=/lib lib none ro,bind 0 0
+lxc.mount.entry=/bin bin none ro,bind 0 0
+lxc.mount.entry=/usr usr none ro,bind 0 0
+lxc.mount.entry=/sbin sbin none ro,bind 0 0
+lxc.mount.entry=tmpfs var/run/sshd tmpfs mode=0644 0 0
+lxc.mount.entry=@LXCTEMPLATEDIR@/lxc-sshd sbin/init none bind 0 0
lxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0
EOF
@@ -126,7 +126,7 @@ grep -q "^lxc.network.ipv4" $path/config || touch
$rootfs/run-dhcp
if [ "$(uname -m)" = "x86_64" ]; then
cat <<EOF >> $path/config
-lxc.mount.entry=/lib64 $rootfs/lib64 none ro,bind 0 0
+lxc.mount.entry=/lib64 lib64 none ro,bind 0 0
EOF
fi
}
diff --git a/templates/lxc-ubuntu-cloud.in b/templates/lxc-ubuntu-cloud.in
index 493c10a..cba30c1 100644
--- a/templates/lxc-ubuntu-cloud.in
+++ b/templates/lxc-ubuntu-cloud.in
@@ -88,8 +88,8 @@ lxc.cgroup.devices.allow = c 10:232 rwm
EOF
cat <<EOF > $path/fstab
-proc $rootfs/proc proc nodev,noexec,nosuid 0 0
-sysfs $rootfs/sys sysfs defaults 0 0
+proc proc proc nodev,noexec,nosuid 0 0
+sysfs sys sysfs defaults 0 0
EOF
# rmdir /dev/shm in precise containers.
diff --git a/templates/lxc-ubuntu.in b/templates/lxc-ubuntu.in
index 0c422ea..de4f426 100644
--- a/templates/lxc-ubuntu.in
+++ b/templates/lxc-ubuntu.in
@@ -366,8 +366,8 @@ lxc.cgroup.devices.allow = c 10:232 rwm
EOF
cat <<EOF > $path/fstab
-proc $rootfs/proc proc nodev,noexec,nosuid 0 0
-sysfs $rootfs/sys sysfs defaults 0 0
+proc proc proc nodev,noexec,nosuid 0 0
+sysfs sys sysfs defaults 0 0
EOF
if [ $? -ne 0 ]; then
--
1.7.9.5
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
