Re: [lxc-devel] [PATCH v3 7/7] added the unmount-namespace hook
> On October 6, 2015 at 8:18 PM Serge Hallyn wrote: > > > Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > > Signed-off-by: Wolfgang Bumiller > > Hi Wolfgang, > > Thanks for resending. > > I'm a very forgetful person. If you could (in the future - don't resend > this one) add a changelog showing what's changed, that would make my > reviews a lot faster :) Sure thing, I included a changelog in the cover-letter, but will include them in the individual patches as well next time. Should be easier to work with then :) ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] [PATCH v5] Make overlayfs mounts work directly
I now wonder if it wouldn't be smarter to force users to specify relative paths for upper and workdir lxc.mount.entry = /lower merged overlay lowerdir=/lower,upper=upper,workdir=workdir,create=dir and fill in the missing path in mount_entry_create_*_dirs(). Otherwise these mounts won't work out of the box when a clone of the container is made and started... Thoughts? On Tue, Oct 06, 2015 at 08:38:13PM +0200, Christian Brauner wrote: > When users wanted to mount overlay directories with lxc.mount.entry they had > to > create upperdirs and workdirs beforehand in order to mount them. To create it > for them we add the functions mount_entry_create_overlay_dirs() and > mount_entry_create_aufs_dirs() which do this for them. User can now simply > specify e.g.: > > lxc.mount.entry = /lower merged overlay > lowerdir=/lower,upper=/upper,workdir=/workdir,create=dir > > and /upper and /workdir will be created for them. /upper and /workdir need to > be absolute paths to directories which are created under the containerdir > (e.g. > under $lxcpath/CONTAINERNAME/). Relative mountpoints, mountpoints outside the > containerdir, and mountpoints within the container's rootfs are ignored. (The > latter *might* change in the future should it be considered safe/useful.) > > Specifying > > lxc.mount.entry = /lower merged overlay > lowerdir=/lower:/lower2,create=dir > > will lead to a read-only overlay mount in accordance with the > kernel-documentation. > > Specifying > > lxc.mount.entry = /lower merged overlay lowerdir=/lower,create=dir > > will fail when no upperdir and workdir options are given. > > Signed-off-by: Christian Brauner > Acked-by: Serge E. Hallyn > --- > src/lxc/conf.c | 162 > - > 1 file changed, 150 insertions(+), 12 deletions(-) > > diff --git a/src/lxc/conf.c b/src/lxc/conf.c > index 6728c78..5a3209a 100644 > --- a/src/lxc/conf.c > +++ b/src/lxc/conf.c > @@ -1815,13 +1815,151 @@ static void cull_mntent_opt(struct mntent *mntent) > } > } > > +static int mount_entry_create_overlay_dirs(const struct mntent *mntent, > +const struct lxc_rootfs *rootfs) > +{ > + char *del = NULL; > + char *lxcpath = NULL; > + char *upperdir = NULL; > + char *workdir = NULL; > + char **opts = NULL; > + size_t arrlen = 0; > + size_t dirlen = 0; > + size_t i; > + size_t len = 0; > + size_t rootfslen = 0; > + > + if (!rootfs->path) > + return -1; > + > + opts = lxc_string_split(mntent->mnt_opts, ','); > + if (opts) > + arrlen = lxc_array_len((void **)opts); > + else > + return -1; > + > + for (i = 0; i < arrlen; i++) { > + if (strstr(opts[i], "upperdir=") && (strlen(opts[i]) > (len = > strlen("upperdir=" > + upperdir = opts[i] + len; > + else if (strstr(opts[i], "workdir=") && (strlen(opts[i]) > (len > = strlen("workdir=" > + workdir = opts[i] + len; > + } > + > + lxcpath = strdup(rootfs->path); > + if (!lxcpath) { > + lxc_free_array((void **)opts, free); > + return -1; > + } > + > + del = strstr(lxcpath, "/rootfs"); > + if (!del) { > + free(lxcpath); > + lxc_free_array((void **)opts, free); > + return -1; > + } > + *del = '\0'; > + > + dirlen = strlen(lxcpath); > + rootfslen = strlen(rootfs->path); > + > + /* We neither allow users to create upperdirs and workdirs outside the > + * containerdir nor inside the rootfs. The latter might be debatable. */ > + if (upperdir) > + if ((strncmp(upperdir, lxcpath, dirlen) == 0) && > (strncmp(upperdir, rootfs->path, rootfslen) != 0)) > + if (mkdir_p(upperdir, 0755) < 0) { > + WARN("Failed to create upperdir"); > + } > + > + > + if (workdir) > + if ((strncmp(workdir, lxcpath, dirlen) == 0) && > (strncmp(workdir, rootfs->path, rootfslen) != 0)) > + if (mkdir_p(workdir, 0755) < 0) { > + WARN("Failed to create workdir"); > + } > + > + free(lxcpath); > + lxc_free_array((void **)opts, free); > + return 0; > +} > + > +static int mount_entry_create_aufs_dirs(const struct mntent *mntent, > + const struct lxc_rootfs *rootfs) > +{ > + char *del = NULL; > + char *lxcpath = NULL; > + char *scratch = NULL; > + char *tmp = NULL; > + char *upperdir = NULL; > + char **opts = NULL; > + size_t arrlen = 0; > + size_t i; > + size_t len = 0; > + > + if (!rootfs->path) > + return -1; > + > + opts = lxc_string_split(mntent->mnt_opts, ','); > + if (opts) > + arrlen = lxc_array_len((void **)opts); > + el
[lxc-devel] [PATCH v5] Make overlayfs mounts work directly
When users wanted to mount overlay directories with lxc.mount.entry they had to create upperdirs and workdirs beforehand in order to mount them. To create it for them we add the functions mount_entry_create_overlay_dirs() and mount_entry_create_aufs_dirs() which do this for them. User can now simply specify e.g.: lxc.mount.entry = /lower merged overlay lowerdir=/lower,upper=/upper,workdir=/workdir,create=dir and /upper and /workdir will be created for them. /upper and /workdir need to be absolute paths to directories which are created under the containerdir (e.g. under $lxcpath/CONTAINERNAME/). Relative mountpoints, mountpoints outside the containerdir, and mountpoints within the container's rootfs are ignored. (The latter *might* change in the future should it be considered safe/useful.) Specifying lxc.mount.entry = /lower merged overlay lowerdir=/lower:/lower2,create=dir will lead to a read-only overlay mount in accordance with the kernel-documentation. Specifying lxc.mount.entry = /lower merged overlay lowerdir=/lower,create=dir will fail when no upperdir and workdir options are given. Signed-off-by: Christian Brauner Acked-by: Serge E. Hallyn --- src/lxc/conf.c | 162 - 1 file changed, 150 insertions(+), 12 deletions(-) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 6728c78..5a3209a 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -1815,13 +1815,151 @@ static void cull_mntent_opt(struct mntent *mntent) } } +static int mount_entry_create_overlay_dirs(const struct mntent *mntent, + const struct lxc_rootfs *rootfs) +{ + char *del = NULL; + char *lxcpath = NULL; + char *upperdir = NULL; + char *workdir = NULL; + char **opts = NULL; + size_t arrlen = 0; + size_t dirlen = 0; + size_t i; + size_t len = 0; + size_t rootfslen = 0; + + if (!rootfs->path) + return -1; + + opts = lxc_string_split(mntent->mnt_opts, ','); + if (opts) + arrlen = lxc_array_len((void **)opts); + else + return -1; + + for (i = 0; i < arrlen; i++) { + if (strstr(opts[i], "upperdir=") && (strlen(opts[i]) > (len = strlen("upperdir=" + upperdir = opts[i] + len; + else if (strstr(opts[i], "workdir=") && (strlen(opts[i]) > (len = strlen("workdir=" + workdir = opts[i] + len; + } + + lxcpath = strdup(rootfs->path); + if (!lxcpath) { + lxc_free_array((void **)opts, free); + return -1; + } + + del = strstr(lxcpath, "/rootfs"); + if (!del) { + free(lxcpath); + lxc_free_array((void **)opts, free); + return -1; + } + *del = '\0'; + + dirlen = strlen(lxcpath); + rootfslen = strlen(rootfs->path); + + /* We neither allow users to create upperdirs and workdirs outside the +* containerdir nor inside the rootfs. The latter might be debatable. */ + if (upperdir) + if ((strncmp(upperdir, lxcpath, dirlen) == 0) && (strncmp(upperdir, rootfs->path, rootfslen) != 0)) + if (mkdir_p(upperdir, 0755) < 0) { + WARN("Failed to create upperdir"); + } + + + if (workdir) + if ((strncmp(workdir, lxcpath, dirlen) == 0) && (strncmp(workdir, rootfs->path, rootfslen) != 0)) + if (mkdir_p(workdir, 0755) < 0) { + WARN("Failed to create workdir"); + } + + free(lxcpath); + lxc_free_array((void **)opts, free); + return 0; +} + +static int mount_entry_create_aufs_dirs(const struct mntent *mntent, + const struct lxc_rootfs *rootfs) +{ + char *del = NULL; + char *lxcpath = NULL; + char *scratch = NULL; + char *tmp = NULL; + char *upperdir = NULL; + char **opts = NULL; + size_t arrlen = 0; + size_t i; + size_t len = 0; + + if (!rootfs->path) + return -1; + + opts = lxc_string_split(mntent->mnt_opts, ','); + if (opts) + arrlen = lxc_array_len((void **)opts); + else + return -1; + + for (i = 0; i < arrlen; i++) { + if (strstr(opts[i], "br=") && (strlen(opts[i]) > (len = strlen("br=" + tmp = opts[i] + len; + } + if (!tmp) { + lxc_free_array((void **)opts, free); + return -1; + } + + upperdir = strtok_r(tmp, ":=", &scratch); + if (!upperdir) { + lxc_free_array((void **)opts, free); + return -1; + } + + lxcpath = strdup(rootfs->path); + if (!lxcpath) { + lxc_free_ar
[lxc-devel] [PATCH v5] Make overlayfs mounts work directly
No changes apart from the ones Serge requested. Adding Acked-by: Serge E. Hallyn with Serge's permission. (see hist comments to [PATCH v4]) Christian Brauner (1): Make overlayfs mounts work directly src/lxc/conf.c | 162 - 1 file changed, 150 insertions(+), 12 deletions(-) -- 2.6.1 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] [PATCH v4] Make overlayfs mounts work directly
Quoting Christian Brauner (christianvanbrau...@gmail.com): > When users wanted to mount overlay directories with lxc.mount.entry they had > to > create upperdirs and workdirs beforehand in order to mount them. To create it > for them we add the functions mount_entry_create_overlay_dirs() and > mount_entry_create_aufs_dirs() which do this for them. User can now simply > specify e.g.: > > lxc.mount.entry = /lower merged overlay > lowerdir=/lower,upper=/upper,workdir=/workdir,create=dir > > and /upper and /workdir will be created for them. /upper and /workdir need to > be absolute paths to directories which are created under the containerdir > (e.g. > under $lxcpath/CONTAINERNAME/). Relative mountpoints, mountpoints outside the > containerdir, and mountpoints within the container's rootfs are ignored. (The > latter *might* change in the future should it be considered safe/useful.) > > Specifying > > lxc.mount.entry = /lower merged overlay > lowerdir=/lower:/lower2,create=dir > > will lead to a read-only overlay mount in accordance with the > kernel-documentation. > > Specifying > > lxc.mount.entry = /lower merged overlay lowerdir=/lower,create=dir > > will fail when no upperdir and workdir options are given. > > Signed-off-by: Christian Brauner Comments below. If you resend with those fixed and no other changes, please add my Acked-by: Serge E. Hallyn > --- > src/lxc/conf.c | 156 > - > 1 file changed, 144 insertions(+), 12 deletions(-) > > diff --git a/src/lxc/conf.c b/src/lxc/conf.c > index 6728c78..0fde952 100644 > --- a/src/lxc/conf.c > +++ b/src/lxc/conf.c > @@ -1815,13 +1815,145 @@ static void cull_mntent_opt(struct mntent *mntent) > } > } > > +static int mount_entry_create_overlay_dirs(const struct mntent *mntent, > +const struct lxc_rootfs *rootfs) > +{ > + char *del = NULL; > + char *lxcpath = NULL; > + char *upperdir = NULL; > + char *workdir = NULL; > + char **opts = NULL; > + size_t arrlen = 0; > + size_t dirlen = 0; > + size_t i; > + size_t len = 0; > + size_t rootfslen = 0; > + > + if (!rootfs->path) > + return -1; > + > + opts = lxc_string_split(mntent->mnt_opts, ','); > + if (opts) > + arrlen = lxc_array_len((void **)opts); > + else > + return -1; > + > + for (i = 0; i < arrlen; i++) { > + if (strstr(opts[i], "upperdir=") && (strlen(opts[i]) > (len = > strlen("upperdir=" > + upperdir = opts[i] + len; Note the multiple indent is done for continuation of condition. The action should be indented with one tab. > + else if (strstr(opts[i], "workdir=") && (strlen(opts[i]) > (len > = strlen("workdir=" > + workdir = opts[i] + len; > + } > + > + lxcpath = strdup(rootfs->path); > + if (!lxcpath) { > + lxc_free_array((void **)opts, free); > + return -1; > + } > + > + del = strstr(lxcpath, "/rootfs"); > + if (!del) Why no lxc_free_array and free(path) here? > + return -1; > + *del = '\0'; > + > + dirlen = strlen(lxcpath); > + rootfslen = strlen(rootfs->path); > + > + /* We neither allow users to create upperdirs and workdirs outside the > + * containerdir nor inside the rootfs. The latter might be debatable. */ > + if (upperdir) > + if ((strncmp(upperdir, lxcpath, dirlen) == 0) && > (strncmp(upperdir, rootfs->path, rootfslen) != 0)) > + if (mkdir_p(upperdir, 0755) < 0) { > + WARN("Failed to create upperdir"); > + } > + > + > + if (workdir) > + if ((strncmp(workdir, lxcpath, dirlen) == 0) && > (strncmp(workdir, rootfs->path, rootfslen) != 0)) > + if (mkdir_p(workdir, 0755) < 0) { > + WARN("Failed to create workdir"); > + } > + > + free(lxcpath); > + lxc_free_array((void **)opts, free); > + return 0; > +} > + > +static int mount_entry_create_aufs_dirs(const struct mntent *mntent, > + const struct lxc_rootfs *rootfs) > +{ > + char *del = NULL; > + char *lxcpath = NULL; > + char *scratch = NULL; > + char *tmp = NULL; > + char *upperdir = NULL; > + char **opts = NULL; > + size_t arrlen = 0; > + size_t i; > + size_t len = 0; > + > + if (!rootfs->path) > + return -1; > + > + opts = lxc_string_split(mntent->mnt_opts, ','); > + if (opts) > + arrlen = lxc_array_len((void **)opts); > + else > + return -1; > + > + for (i = 0; i < arrlen; i++) { > + if (strstr(opts[i], "br=") && (strlen(opts[i]) > (len = > strlen("br=" > + tmp = opts[i] + len; > + } > + if
Re: [lxc-devel] [PATCH v3 7/7] added the unmount-namespace hook
Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > Signed-off-by: Wolfgang Bumiller Hi Wolfgang, Thanks for resending. I'm a very forgetful person. If you could (in the future - don't resend this one) add a changelog showing what's changed, that would make my reviews a lot faster :) Looks good, Acked-by: Serge E. Hallyn Stéphane, this is going to need packaging jujitsu for multiarch I assume, I'm not sure how we'll handle that. > --- > hooks/Makefile.am | 6 ++ > hooks/unmount-namespace.c | 213 > ++ > 2 files changed, 219 insertions(+) > create mode 100644 hooks/unmount-namespace.c > > diff --git a/hooks/Makefile.am b/hooks/Makefile.am > index be55601..ef82083 100644 > --- a/hooks/Makefile.am > +++ b/hooks/Makefile.am > @@ -6,4 +6,10 @@ hooks_SCRIPTS = \ > ubuntu-cloud-prep \ > squid-deb-proxy-client > > +hooks_PROGRAMS = \ > + unmount-namespace > + > +unmount_namespace_SOURCES = \ > + unmount-namespace.c > + > EXTRA_DIST=$(hooks_SCRIPTS) > diff --git a/hooks/unmount-namespace.c b/hooks/unmount-namespace.c > new file mode 100644 > index 000..488c9cc > --- /dev/null > +++ b/hooks/unmount-namespace.c > @@ -0,0 +1,213 @@ > +/* > + * Copyright © 2015 Wolfgang Bumiller . > + * Copyright © 2015 Proxmox Server Solutions GmbH > + * > + * This program is free software; you can redistribute it and/or modify > + * it under the terms of the GNU General Public License version 2, as > + * published by the Free Software Foundation. > + * > + * This program is distributed in the hope that it will be useful, > + * but WITHOUT ANY WARRANTY; without even the implied warranty of > + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the > + * GNU General Public License for more details. > + * > + * You should have received a copy of the GNU General Public License along > + * with this program; if not, write to the Free Software Foundation, Inc., > + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. > + * > + * -- > + * > + * This stop-hook unmounts everything in the container's namespace, and > thereby > + * waits for all calls commands to finish. This is useful when one needs to > be > + * sure that network filesystems are finished unmounting in the namespace > + * before continuing with other tasks. Without this hook the cleanup of > mounts > + * is done by the kernel in the background after all the references to the > + * namespaces are gone. > + */ > + > +#define _GNU_SOURCE/* setns */ > +#include /* fdopen, getmntent, endmntent */ > +#include /* malloc, qsort */ > +#include /* close */ > +#include /* strcmp, strncmp, strdup, strerror */ > +#include /* setns */ > +#include /* umount2 */ > +#include /* openat, open */ > +#include /* openat, open */ > +#include /* openat, open */ > +#include /* getmntent, endmntent */ > +#include /* errno */ > + > +struct mount { > + char *src; /* currently not used */ > + char *dst; > + char *fs; /* currently not used */ > +}; > + > +static void mount_free(struct mount *mnt) { > + free(mnt->src); > + free(mnt->dst); > + free(mnt->fs); > +} > + > +static int mount_cmp_dst(const void *a_, const void *b_) { > + struct mount *a = (struct mount*)a_; > + struct mount *b = (struct mount*)b_; > + return strcmp(b->dst, a->dst); /* swapped order */ > +} > + > +/* Unmounting /dev/pts fails, and so /dev also fails, but /dev is not what > + * we're interested in. (There might also still be /dev/cgroup mounts). > + */ > +static int mount_should_error(const struct mount *mnt) { > + const char *dst = mnt->dst; > + return !(strncmp(dst, "/dev", 4) == 0 && (dst[4] == 0 || dst[4] == > '/')); > +} > + > +/* Read mounts from 'self/mounts' relative to a directory filedescriptor. > + * Before entering the container we open a handle to /proc on the host as we > + * need to access /proc/self/mounts and the container's /proc doesn't contain > + * our /self. We then use openat(2) to avoid having to mount a temporary > /proc. > + */ > +static int read_mounts(int procfd, struct mount **mp, size_t *countp) { > + int fd; > + struct mntent *ent; > + FILE *mf; > + size_t capacity = 32; > + size_t count = 0; > + struct mount *mounts = (struct mount*)malloc(capacity * > sizeof(*mounts)); > + > + if (!mounts) { > + errno = ENOMEM; > + return 0; > + } > + > + *mp = NULL; > + *countp = 0; > + > + fd = openat(procfd, "self/mounts", O_RDONLY); > + if (fd < 0) > + return 0; > + > + mf = fdopen(fd, "r"); > + if (!mf) { > + int error = errno; > + close(fd); > + errno = error; > + return 0; > + } > + while ((ent = getmntent(mf))) { > + struct mount *new; > + if (count == capacity) { > + capacity *= 2; > + new = (s
[lxc-devel] LXC 1.1.4 has been released!
Hello everyone, The fourth LXC 1.1 bugfix release is now out! This includes all bugfixes committed to master since the release of LXC 1.1.3. As usual, the full announcement and changelog may be found at: https://linuxcontainers.org/lxc/news/ And our tarballs can be downloaded from: https://linuxcontainers.org/lxc/downloads/ LXC 1.1 is the latest stable release of LXC. Note that this isn't a long term support release and it will only be supported for a year. For production environments, we still recommend using LXC 1.0 which we will be supporting until April 2019. Stéphane Graber On behalf of the LXC development team signature.asc Description: Digital signature ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] Passed: lxc/lxc#1282 (lxc-1.1.4 - e9bcaaf)
Build Update for lxc/lxc - Build: #1282 Status: Passed Duration: 1 minute and 12 seconds Commit: e9bcaaf (lxc-1.1.4) Author: Stéphane Graber Message: change version to 1.1.4 in configure.ac Signed-off-by: Stéphane Graber View the changeset: https://github.com/lxc/lxc/compare/lxc-1.1.4 View the full build log and details: https://travis-ci.org/lxc/lxc/builds/83900058 -- You can configure recipients for build notifications in your .travis.yml file. See http://docs.travis-ci.com/user/notifications ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] e9bcaa: change version to 1.1.4 in configure.ac
Branch: refs/heads/stable-1.1 Home: https://github.com/lxc/lxc Commit: e9bcaafeaa73d0f8f0ef8a0190cb74abd8f11db0 https://github.com/lxc/lxc/commit/e9bcaafeaa73d0f8f0ef8a0190cb74abd8f11db0 Author: Stéphane Graber Date: 2015-10-06 (Tue, 06 Oct 2015) Changed paths: M configure.ac Log Message: --- change version to 1.1.4 in configure.ac Signed-off-by: Stéphane Graber ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/lxc]
Branch: refs/tags/lxc-1.1.4 Home: https://github.com/lxc/lxc ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [PATCH] doc: Add the note related mount in Korean lxc.container.conf(5)
Update for commit 592fd47 Signed-off-by: Sungbae Yoo diff --git a/doc/ko/lxc.container.conf.sgml.in b/doc/ko/lxc.container.conf.sgml.in index b305680..6d225a8 100644 --- a/doc/ko/lxc.container.conf.sgml.in +++ b/doc/ko/lxc.container.conf.sgml.in @@ -1008,6 +1008,23 @@ by Sungbae Yoo 이 마운트 포인트들은 컨테이너에서만 보이고 외부에서 실행하는 프로세스들에겐 보이지 않는다. 이는 예를 들어 /etc, /var, /home을 마운트할 때 유용하다. + + +주의 - 보통 LXC는 마운트 대상과 상대 경로로 된 바인드 마운트 소스들이 컨테이너의 루트 아래에 있도록 보장할 것이다. 이는 호스트 디렉토리와 파일들을 겹쳐서 마운트하는 유형의 공격을 피하기 위한 것이다. (절대 경로로 된 마운트 소스 내에 존재하는 심볼릭 링크들은 무시될 것이다.) +하지만, 만약 컨테이너 설정에서 컨테이너 사용자가 제어할 수 있는, 예를 들어 /home/joe와 같은 디렉토리를 컨테이너 내의 path에 먼저 마운트 하고 나서, path 내에 또 마운트를 하는 경우가 있다면, +컨테이너 사용자가 자신의 home 디렉토리에 있는 심볼릭링크를 정확한 시간에 조작하여, TOCTTOU (역주 : Time of check to time of use) 공격이 가능할 것이다. + -- 1.9.1 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [PATCH] doc: Add the common and '-s' option in Korean lxc-destroy(1)
Update for commit 3635c5e Signed-off-by: Sungbae Yoo diff --git a/doc/ko/lxc-destroy.sgml.in b/doc/ko/lxc-destroy.sgml.in index cb5d0b6..5a9cb36 100644 --- a/doc/ko/lxc-destroy.sgml.in +++ b/doc/ko/lxc-destroy.sgml.in @@ -57,6 +57,7 @@ by Sungbae Yoo lxc-destroy -n name -f + -s @@ -80,7 +81,7 @@ by Sungbae Yoo - -f + -f, --force @@ -96,13 +97,13 @@ by Sungbae Yoo --P, --lxcpath=PATH +-s, --snapshots -컨테이너 경로를 지정한다. 기본값은 @LXCPATH@이다. +해당 컨테이너의 모든 스냅샷까지 제거한다. @@ -111,6 +112,8 @@ by Sungbae Yoo + &commonoptions; + 진단 -- 1.9.1 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [PATCH v3 3/7] added stop-hook entries
Signed-off-by: Wolfgang Bumiller Acked-by: Serge E. Hallyn --- src/lxc/conf.c| 4 +++- src/lxc/conf.h| 2 +- src/lxc/confile.c | 3 +++ 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 0913b22..f81efcd 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -163,7 +163,7 @@ return -1; #endif char *lxchook_names[NUM_LXC_HOOKS] = { - "pre-start", "pre-mount", "mount", "autodev", "start", "post-stop", "clone", "destroy" }; + "pre-start", "pre-mount", "mount", "autodev", "start", "stop", "post-stop", "clone", "destroy" }; typedef int (*instantiate_cb)(struct lxc_handler *, struct lxc_netdev *); @@ -3878,6 +3878,8 @@ int run_lxc_hooks(const char *name, char *hook, struct lxc_conf *conf, which = LXCHOOK_AUTODEV; else if (strcmp(hook, "start") == 0) which = LXCHOOK_START; + else if (strcmp(hook, "stop") == 0) + which = LXCHOOK_STOP; else if (strcmp(hook, "post-stop") == 0) which = LXCHOOK_POSTSTOP; else if (strcmp(hook, "clone") == 0) diff --git a/src/lxc/conf.h b/src/lxc/conf.h index 5aebd91..1374d4a 100644 --- a/src/lxc/conf.h +++ b/src/lxc/conf.h @@ -279,7 +279,7 @@ enum { */ enum lxchooks { LXCHOOK_PRESTART, LXCHOOK_PREMOUNT, LXCHOOK_MOUNT, LXCHOOK_AUTODEV, - LXCHOOK_START, LXCHOOK_POSTSTOP, LXCHOOK_CLONE, LXCHOOK_DESTROY, + LXCHOOK_START, LXCHOOK_STOP, LXCHOOK_POSTSTOP, LXCHOOK_CLONE, LXCHOOK_DESTROY, NUM_LXC_HOOKS}; extern char *lxchook_names[NUM_LXC_HOOKS]; diff --git a/src/lxc/confile.c b/src/lxc/confile.c index 670d957..f7d6814 100644 --- a/src/lxc/confile.c +++ b/src/lxc/confile.c @@ -137,6 +137,7 @@ static struct lxc_config_t config[] = { { "lxc.hook.mount", config_hook }, { "lxc.hook.autodev", config_hook }, { "lxc.hook.start", config_hook }, + { "lxc.hook.stop",config_hook }, { "lxc.hook.post-stop", config_hook }, { "lxc.hook.clone", config_hook }, { "lxc.hook.destroy", config_hook }, @@ -1085,6 +1086,8 @@ static int config_hook(const char *key, const char *value, return add_hook(lxc_conf, LXCHOOK_MOUNT, copy); else if (strcmp(key, "lxc.hook.start") == 0) return add_hook(lxc_conf, LXCHOOK_START, copy); + else if (strcmp(key, "lxc.hook.stop") == 0) + return add_hook(lxc_conf, LXCHOOK_STOP, copy); else if (strcmp(key, "lxc.hook.post-stop") == 0) return add_hook(lxc_conf, LXCHOOK_POSTSTOP, copy); else if (strcmp(key, "lxc.hook.clone") == 0) -- 2.1.4 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [PATCH v3 7/7] added the unmount-namespace hook
Signed-off-by: Wolfgang Bumiller --- hooks/Makefile.am | 6 ++ hooks/unmount-namespace.c | 213 ++ 2 files changed, 219 insertions(+) create mode 100644 hooks/unmount-namespace.c diff --git a/hooks/Makefile.am b/hooks/Makefile.am index be55601..ef82083 100644 --- a/hooks/Makefile.am +++ b/hooks/Makefile.am @@ -6,4 +6,10 @@ hooks_SCRIPTS = \ ubuntu-cloud-prep \ squid-deb-proxy-client +hooks_PROGRAMS = \ + unmount-namespace + +unmount_namespace_SOURCES = \ + unmount-namespace.c + EXTRA_DIST=$(hooks_SCRIPTS) diff --git a/hooks/unmount-namespace.c b/hooks/unmount-namespace.c new file mode 100644 index 000..488c9cc --- /dev/null +++ b/hooks/unmount-namespace.c @@ -0,0 +1,213 @@ +/* + * Copyright © 2015 Wolfgang Bumiller . + * Copyright © 2015 Proxmox Server Solutions GmbH + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * + * -- + * + * This stop-hook unmounts everything in the container's namespace, and thereby + * waits for all calls commands to finish. This is useful when one needs to be + * sure that network filesystems are finished unmounting in the namespace + * before continuing with other tasks. Without this hook the cleanup of mounts + * is done by the kernel in the background after all the references to the + * namespaces are gone. + */ + +#define _GNU_SOURCE/* setns */ +#include /* fdopen, getmntent, endmntent */ +#include /* malloc, qsort */ +#include /* close */ +#include /* strcmp, strncmp, strdup, strerror */ +#include /* setns */ +#include /* umount2 */ +#include /* openat, open */ +#include /* openat, open */ +#include /* openat, open */ +#include /* getmntent, endmntent */ +#include /* errno */ + +struct mount { + char *src; /* currently not used */ + char *dst; + char *fs; /* currently not used */ +}; + +static void mount_free(struct mount *mnt) { + free(mnt->src); + free(mnt->dst); + free(mnt->fs); +} + +static int mount_cmp_dst(const void *a_, const void *b_) { + struct mount *a = (struct mount*)a_; + struct mount *b = (struct mount*)b_; + return strcmp(b->dst, a->dst); /* swapped order */ +} + +/* Unmounting /dev/pts fails, and so /dev also fails, but /dev is not what + * we're interested in. (There might also still be /dev/cgroup mounts). + */ +static int mount_should_error(const struct mount *mnt) { + const char *dst = mnt->dst; + return !(strncmp(dst, "/dev", 4) == 0 && (dst[4] == 0 || dst[4] == '/')); +} + +/* Read mounts from 'self/mounts' relative to a directory filedescriptor. + * Before entering the container we open a handle to /proc on the host as we + * need to access /proc/self/mounts and the container's /proc doesn't contain + * our /self. We then use openat(2) to avoid having to mount a temporary /proc. + */ +static int read_mounts(int procfd, struct mount **mp, size_t *countp) { + int fd; + struct mntent *ent; + FILE *mf; + size_t capacity = 32; + size_t count = 0; + struct mount *mounts = (struct mount*)malloc(capacity * sizeof(*mounts)); + + if (!mounts) { + errno = ENOMEM; + return 0; + } + + *mp = NULL; + *countp = 0; + + fd = openat(procfd, "self/mounts", O_RDONLY); + if (fd < 0) + return 0; + + mf = fdopen(fd, "r"); + if (!mf) { + int error = errno; + close(fd); + errno = error; + return 0; + } + while ((ent = getmntent(mf))) { + struct mount *new; + if (count == capacity) { + capacity *= 2; + new = (struct mount*)realloc(mounts, capacity * sizeof(*mounts)); + if (!new) + goto out_alloc_entry; + mounts = new; + } + new = &mounts[count++]; + new->src = strdup(ent->mnt_fsname); + new->dst = strdup(ent->mnt_dir); + new->fs = strdup(ent->mnt_type); + if (!new->src || !new->dst || !new->fs) + goto out_alloc_entry; + } + endmntent(mf); + + *mp = mounts; + *countp = count; + + return 1; + +out_a
[lxc-devel] [PATCH v3 1/7] start.c:preserve_ns: added pid parameter
Signed-off-by: Wolfgang Bumiller Acked-by: Serge E. Hallyn --- src/lxc/start.c | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/lxc/start.c b/src/lxc/start.c index 0601333..1a7d5a3 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -124,14 +124,15 @@ static void close_ns(int ns_fd[LXC_NS_MAX]) { } } -static int preserve_ns(int ns_fd[LXC_NS_MAX], int clone_flags) { +static int preserve_ns(int ns_fd[LXC_NS_MAX], int clone_flags, pid_t pid) { int i, saved_errno; char path[MAXPATHLEN]; for (i = 0; i < LXC_NS_MAX; i++) ns_fd[i] = -1; - if (access("/proc/self/ns", X_OK)) { + snprintf(path, MAXPATHLEN, "/proc/%d/ns", pid); + if (access(path, X_OK)) { WARN("Kernel does not support attach; preserve_ns ignored"); return 0; } @@ -139,7 +140,8 @@ static int preserve_ns(int ns_fd[LXC_NS_MAX], int clone_flags) { for (i = 0; i < LXC_NS_MAX; i++) { if ((clone_flags & ns_info[i].clone_flag) == 0) continue; - snprintf(path, MAXPATHLEN, "/proc/self/ns/%s", ns_info[i].proc_name); + snprintf(path, MAXPATHLEN, "/proc/%d/ns/%s", pid, +ns_info[i].proc_name); ns_fd[i] = open(path, O_RDONLY | O_CLOEXEC); if (ns_fd[i] < 0) goto error; @@ -973,7 +975,7 @@ static int lxc_spawn(struct lxc_handler *handler) INFO("failed to pin the container's rootfs"); } - if (preserve_ns(saved_ns_fd, preserve_mask) < 0) + if (preserve_ns(saved_ns_fd, preserve_mask, getpid()) < 0) goto out_delete_net; if (attach_ns(handler->conf->inherit_ns_fd) < 0) goto out_delete_net; -- 2.1.4 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [PATCH v3 6/7] document the stop hook
Signed-off-by: Wolfgang Bumiller Acked-by: Serge E. Hallyn --- doc/lxc.container.conf.sgml.in | 27 +-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in index 7b599e5..f1a87e9 100644 --- a/doc/lxc.container.conf.sgml.in +++ b/doc/lxc.container.conf.sgml.in @@ -1280,9 +1280,12 @@ mknod errno 0 Container name. Section (always 'lxc'). The hook type (i.e. 'clone' or 'pre-mount'). - Additional arguments In the + Additional arguments. In the case of the clone hook, any extra arguments passed to - lxc-clone will appear as further arguments to the hook. + lxc-clone will appear as further arguments to the hook. + In the case of the stop hook, paths to filedescriptors + for each of the container's namespaces along with their types + are passed. The following environment variables are set: @@ -1379,6 +1382,26 @@ mknod errno 0 +lxc.hook.stop + + + + A hook to be run in the host's namespace with references + to the container's namespaces after the container has been shut + down. For each namespace an extra argument is passed to the hook + containing the namespace's type and a filename that can be used to + obtain a file descriptor to the corresponding namespace, separated + by a colon. The type is the name as it would appear in the + /proc/PID/ns directory. + For instance for the mount namespace the argument usually looks + like mnt:/proc/PID/fd/12. + + + + + + + lxc.hook.post-stop -- 2.1.4 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [PATCH v3 5/7] pass namespace handles to the stop hook
Signed-off-by: Wolfgang Bumiller Acked-by: Serge E. Hallyn --- src/lxc/start.c | 21 +++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/src/lxc/start.c b/src/lxc/start.c index a1eb961..d24b586 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -486,15 +486,32 @@ out_free: void lxc_fini(const char *name, struct lxc_handler *handler) { - int i; + int i, rc; + pid_t self = getpid(); + char *namespaces[LXC_NS_MAX+1]; + size_t namespace_count = 0; /* The STOPPING state is there for future cleanup code * which can take awhile */ lxc_set_state(name, handler, STOPPING); - if (run_lxc_hooks(name, "stop", handler->conf, handler->lxcpath, NULL)) + for (i = 0; i < LXC_NS_MAX; i++) { + if (handler->nsfd[i] != -1) { + rc = asprintf(&namespaces[namespace_count], "%s:/proc/%d/fd/%d", + ns_info[i].proc_name, self, handler->nsfd[i]); + if (rc == -1) { + SYSERROR("failed to allocate memory"); + break; + } + ++namespace_count; + } + } + namespaces[namespace_count] = NULL; + if (run_lxc_hooks(name, "stop", handler->conf, handler->lxcpath, namespaces)) ERROR("failed to run stop hooks for container '%s'.", name); + while (namespace_count--) + free(namespaces[namespace_count]); for (i = 0; i < LXC_NS_MAX; i++) { if (handler->nsfd[i] != -1) { close(handler->nsfd[i]); -- 2.1.4 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [PATCH v3 0/7] stop-hook with namespace access
Changes to v2: - patch 5: turned `namespaces` into an array and added Acked-by Serge E. Hallyn - patch 7: various things listed by Serge: * description comment right below the license header * mentioned /dev/cgroup in the mount_should_error query (since it returns false for all /dev paths it didn't need new code) * read_mounts: check malloc(), realloc() and strdup() (With the fact that free() checks its parameter for NULL I just checked all 3 strdup()s together at the end. I set errno to ENOMEM as the caller uses strerror() on failure. * 'break' after finding the 'mnt:' argument Wolfgang Bumiller (7): start.c:preserve_ns: added pid parameter preserve container namespace added stop-hook entries run stop hook between STOPPING and STOPPED states pass namespace handles to the stop hook document the stop hook added the unmount-namespace hook doc/lxc.container.conf.sgml.in | 27 +- hooks/Makefile.am | 6 ++ hooks/unmount-namespace.c | 213 + src/lxc/conf.c | 4 +- src/lxc/conf.h | 2 +- src/lxc/confile.c | 3 + src/lxc/start.c| 47 - src/lxc/start.h| 1 + 8 files changed, 295 insertions(+), 8 deletions(-) create mode 100644 hooks/unmount-namespace.c -- 2.1.4 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [PATCH v3 4/7] run stop hook between STOPPING and STOPPED states
Signed-off-by: Wolfgang Bumiller Acked-by: Serge E. Hallyn --- src/lxc/start.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/lxc/start.c b/src/lxc/start.c index 87fc32f..a1eb961 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -493,6 +493,8 @@ void lxc_fini(const char *name, struct lxc_handler *handler) */ lxc_set_state(name, handler, STOPPING); + if (run_lxc_hooks(name, "stop", handler->conf, handler->lxcpath, NULL)) + ERROR("failed to run stop hooks for container '%s'.", name); for (i = 0; i < LXC_NS_MAX; i++) { if (handler->nsfd[i] != -1) { close(handler->nsfd[i]); -- 2.1.4 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [PATCH v3 2/7] preserve container namespace
Signed-off-by: Wolfgang Bumiller Acked-by: Serge E. Hallyn --- src/lxc/start.c | 18 ++ src/lxc/start.h | 1 + 2 files changed, 19 insertions(+) diff --git a/src/lxc/start.c b/src/lxc/start.c index 1a7d5a3..87fc32f 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -379,6 +379,7 @@ out_sigfd: struct lxc_handler *lxc_init(const char *name, struct lxc_conf *conf, const char *lxcpath) { + int i; struct lxc_handler *handler; handler = malloc(sizeof(*handler)); @@ -392,6 +393,9 @@ struct lxc_handler *lxc_init(const char *name, struct lxc_conf *conf, const char handler->lxcpath = lxcpath; handler->pinfd = -1; + for (i = 0; i < LXC_NS_MAX; i++) + handler->nsfd[i] = -1; + lsm_init(); handler->name = strdup(name); @@ -482,10 +486,19 @@ out_free: void lxc_fini(const char *name, struct lxc_handler *handler) { + int i; + /* The STOPPING state is there for future cleanup code * which can take awhile */ lxc_set_state(name, handler, STOPPING); + + for (i = 0; i < LXC_NS_MAX; i++) { + if (handler->nsfd[i] != -1) { + close(handler->nsfd[i]); + handler->nsfd[i] = -1; + } + } lxc_set_state(name, handler, STOPPED); if (run_lxc_hooks(name, "post-stop", handler->conf, handler->lxcpath, NULL)) @@ -996,6 +1009,11 @@ static int lxc_spawn(struct lxc_handler *handler) goto out_delete_net; } + if (preserve_ns(handler->nsfd, handler->clone_flags, handler->pid) < 0) { + ERROR("failed to store namespace references"); + goto out_delete_net; + } + if (attach_ns(saved_ns_fd)) WARN("failed to restore saved namespaces"); diff --git a/src/lxc/start.h b/src/lxc/start.h index f1a41f5..86b19a2 100644 --- a/src/lxc/start.h +++ b/src/lxc/start.h @@ -75,6 +75,7 @@ struct lxc_handler { void *cgroup_data; int ttysock[2]; // socketpair for child->parent tty fd passing bool backgrounded; // indicates whether should we close std{in,out,err} on start + int nsfd[LXC_NS_MAX]; }; -- 2.1.4 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [PATCH] doc: Add lxc.ephemeral in Japanese lxc.container.conf(5)
Update for commit 4e6eb26 Signed-off-by: KATOH Yasufumi --- doc/ja/lxc.container.conf.sgml.in | 26 ++ 1 file changed, 26 insertions(+) diff --git a/doc/ja/lxc.container.conf.sgml.in b/doc/ja/lxc.container.conf.sgml.in index e07a3df..45e5c31 100644 --- a/doc/ja/lxc.container.conf.sgml.in +++ b/doc/ja/lxc.container.conf.sgml.in @@ -382,6 +382,32 @@ by KATOH Yasufumi + 一時的なコンテナ + + +シャットダウン後にコンテナを削除するかどうかを指定できます。 + + + + +lxc.ephemeral + + + + + 指定できる値は 0 または 1 のみです。この値を 1 に設定すると、シャットダウン後にコンテナを削除します。 + + + + + + + ネットワーク
[lxc-devel] [PATCH v4] Make overlayfs mounts work directly
When users wanted to mount overlay directories with lxc.mount.entry they had to create upperdirs and workdirs beforehand in order to mount them. To create it for them we add the functions mount_entry_create_overlay_dirs() and mount_entry_create_aufs_dirs() which do this for them. User can now simply specify e.g.: lxc.mount.entry = /lower merged overlay lowerdir=/lower,upper=/upper,workdir=/workdir,create=dir and /upper and /workdir will be created for them. /upper and /workdir need to be absolute paths to directories which are created under the containerdir (e.g. under $lxcpath/CONTAINERNAME/). Relative mountpoints, mountpoints outside the containerdir, and mountpoints within the container's rootfs are ignored. (The latter *might* change in the future should it be considered safe/useful.) Specifying lxc.mount.entry = /lower merged overlay lowerdir=/lower:/lower2,create=dir will lead to a read-only overlay mount in accordance with the kernel-documentation. Specifying lxc.mount.entry = /lower merged overlay lowerdir=/lower,create=dir will fail when no upperdir and workdir options are given. Signed-off-by: Christian Brauner --- src/lxc/conf.c | 156 - 1 file changed, 144 insertions(+), 12 deletions(-) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 6728c78..0fde952 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -1815,13 +1815,145 @@ static void cull_mntent_opt(struct mntent *mntent) } } +static int mount_entry_create_overlay_dirs(const struct mntent *mntent, + const struct lxc_rootfs *rootfs) +{ + char *del = NULL; + char *lxcpath = NULL; + char *upperdir = NULL; + char *workdir = NULL; + char **opts = NULL; + size_t arrlen = 0; + size_t dirlen = 0; + size_t i; + size_t len = 0; + size_t rootfslen = 0; + + if (!rootfs->path) + return -1; + + opts = lxc_string_split(mntent->mnt_opts, ','); + if (opts) + arrlen = lxc_array_len((void **)opts); + else + return -1; + + for (i = 0; i < arrlen; i++) { + if (strstr(opts[i], "upperdir=") && (strlen(opts[i]) > (len = strlen("upperdir=" + upperdir = opts[i] + len; + else if (strstr(opts[i], "workdir=") && (strlen(opts[i]) > (len = strlen("workdir=" + workdir = opts[i] + len; + } + + lxcpath = strdup(rootfs->path); + if (!lxcpath) { + lxc_free_array((void **)opts, free); + return -1; + } + + del = strstr(lxcpath, "/rootfs"); + if (!del) + return -1; + *del = '\0'; + + dirlen = strlen(lxcpath); + rootfslen = strlen(rootfs->path); + + /* We neither allow users to create upperdirs and workdirs outside the +* containerdir nor inside the rootfs. The latter might be debatable. */ + if (upperdir) + if ((strncmp(upperdir, lxcpath, dirlen) == 0) && (strncmp(upperdir, rootfs->path, rootfslen) != 0)) + if (mkdir_p(upperdir, 0755) < 0) { + WARN("Failed to create upperdir"); + } + + + if (workdir) + if ((strncmp(workdir, lxcpath, dirlen) == 0) && (strncmp(workdir, rootfs->path, rootfslen) != 0)) + if (mkdir_p(workdir, 0755) < 0) { + WARN("Failed to create workdir"); + } + + free(lxcpath); + lxc_free_array((void **)opts, free); + return 0; +} + +static int mount_entry_create_aufs_dirs(const struct mntent *mntent, + const struct lxc_rootfs *rootfs) +{ + char *del = NULL; + char *lxcpath = NULL; + char *scratch = NULL; + char *tmp = NULL; + char *upperdir = NULL; + char **opts = NULL; + size_t arrlen = 0; + size_t i; + size_t len = 0; + + if (!rootfs->path) + return -1; + + opts = lxc_string_split(mntent->mnt_opts, ','); + if (opts) + arrlen = lxc_array_len((void **)opts); + else + return -1; + + for (i = 0; i < arrlen; i++) { + if (strstr(opts[i], "br=") && (strlen(opts[i]) > (len = strlen("br=" + tmp = opts[i] + len; + } + if (!tmp) { + lxc_free_array((void **)opts, free); + return -1; + } + + upperdir = strtok_r(tmp, ":=", &scratch); + if (!upperdir) { + lxc_free_array((void **)opts, free); + return -1; + } + + lxcpath = strdup(rootfs->path); + if (!lxcpath) { + lxc_free_array((void **)opts, free); + return -1; + } + + del = strstr(lxcpath, "/rootfs");
[lxc-devel] [PATCH v4] Make overlayfs mounts work directly
I now included a check whether rootfs->path is empty in mount_entry_create_overlay_dirs() mount_entry_create_aufs_dirs(). Christian Brauner (1): Make overlayfs mounts work directly src/lxc/conf.c | 156 - 1 file changed, 144 insertions(+), 12 deletions(-) -- 2.6.1 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel