conf: fix setups where /dev is outside of LXC's control

Fixes: #3770
Suggested-by: Ruben Jenster <r.jenster@drachenfels.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 37bf28d342cba332a33d718f488e505435058fc2..11c177b865f363592566b1985e7abf04fffb5241 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -3457,12 +3457,6 @@ int lxc_setup(struct lxc_handler *handler)
                        return log_error(-1, "Failed to mount \"/dev\"");
        }
 
-       lxc_conf->rootfs.dfd_dev = open_at(lxc_conf->rootfs.dfd_mnt, "dev",
-                                               PROTECT_OPATH_DIRECTORY,
-                                               PROTECT_LOOKUP_BENEATH_XDEV, 0);
-       if (lxc_conf->rootfs.dfd_dev < 0 && errno != ENOENT)
-               return log_error_errno(-errno, errno, "Failed to open \"/dev\"");
-
        /* Do automatic mounts (mainly /proc and /sys), but exclude those that
         * need to wait until other stuff has finished.
         */
@@ -3481,6 +3475,11 @@ int lxc_setup(struct lxc_handler *handler)
                        return log_error(-1, "Failed to setup mount entries");
        }
 
+       lxc_conf->rootfs.dfd_dev = open_at(lxc_conf->rootfs.dfd_mnt, "dev",
+                                          PROTECT_OPATH_DIRECTORY, PROTECT_LOOKUP_BENEATH_XDEV, 0);
+       if (lxc_conf->rootfs.dfd_dev < 0 && errno != ENOENT)
+               return log_error_errno(-errno, errno, "Failed to open \"/dev\"");
+
        if (lxc_conf->is_execute) {
                if (execveat_supported()) {
                        int fd;