container start: check for start hooks in container rootfs

Do so early enough that we can report a meaningful failure.

(This should fix https://github.com/lxc/lxc/issues/225)

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index e6067e10c533a2cb925d74a90ee0de2c68fa2520..7b7f20fd6c8bac11f8da920c2efad27fabce1d71 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -3851,6 +3851,30 @@ int do_rootfs_setup(struct lxc_conf *conf, const char *name, const char *lxcpath
        return 0;
 }
 
+static bool verify_start_hooks(struct lxc_conf *conf)
+{
+       struct lxc_list *it;
+       char path[MAXPATHLEN];
+       lxc_list_for_each(it, &conf->hooks[LXCHOOK_START]) {
+               char *hookname = it->elem;
+               struct stat st;
+               int ret;
+
+               ret = snprintf(path, MAXPATHLEN, "%s%s",
+                       conf->rootfs.mount, hookname);
+               if (ret < 0 || ret >= MAXPATHLEN)
+                       return false;
+               ret = stat(path, &st);
+               if (ret) {
+                       SYSERROR("Start hook %s not found in container rootfs",
+                                       hookname);
+                       return false;
+               }
+       }
+
+       return true;
+}
+
 int lxc_setup(struct lxc_handler *handler)
 {
        const char *name = handler->name;
@@ -3904,6 +3928,10 @@ int lxc_setup(struct lxc_handler *handler)
                return -1;
        }
 
+       /* Make sure any start hooks are in the rootfs */
+       if (!verify_start_hooks(lxc_conf))
+               return -1;
+
        /* now mount only cgroup, if wanted;
         * before, /sys could not have been mounted
         * (is either mounted automatically or via fstab entries)