conf: stash file descriptor to root mountpoint in struct lxc_rootfs

This way we only need to open it _once_ per container startup.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 2ab77babf4352ab45e77654bbe6dcb8fd28111e6..a15cd8283a89de3c4849516fc07d04136dbcbf6f 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1233,13 +1233,17 @@ static int lxc_mount_rootfs(struct lxc_conf *conf)
 {
        int ret;
        struct lxc_storage *bdev;
-       const struct lxc_rootfs *rootfs = &conf->rootfs;
+       struct lxc_rootfs *rootfs = &conf->rootfs;
 
        if (!rootfs->path) {
                ret = mount("", "/", NULL, MS_SLAVE | MS_REC, 0);
                if (ret < 0)
                        return log_error_errno(-1, errno, "Failed to recursively turn root mount tree into dependent mount");
 
+               rootfs->mntpt_fd = openat(-1, "/", O_RDONLY | O_CLOEXEC | O_DIRECTORY | O_PATH);
+               if (rootfs->mntpt_fd < 0)
+                       return -errno;
+
                return 0;
        }
 
@@ -1265,6 +1269,10 @@ static int lxc_mount_rootfs(struct lxc_conf *conf)
              rootfs->path, rootfs->mount,
              rootfs->options ? rootfs->options : "(null)");
 
+       rootfs->mntpt_fd = openat(-1, rootfs->mount, O_RDONLY | O_CLOEXEC | O_DIRECTORY | O_PATH);
+       if (rootfs->mntpt_fd < 0)
+               return -errno;
+
        return 0;
 }
 
@@ -2580,6 +2588,7 @@ struct lxc_conf *lxc_conf_init(void)
                return NULL;
        }
        new->rootfs.managed = true;
+       new->rootfs.mntpt_fd = -EBADF;
        new->logfd = -1;
        lxc_list_init(&new->cgroup);
        lxc_list_init(&new->cgroup2);
@@ -3377,6 +3386,7 @@ int lxc_setup(struct lxc_handler *handler)
                return log_error(-1, "Failed to drop capabilities");
        }
 
+       close_prot_errno_disarm(lxc_conf->rootfs.mntpt_fd);
        NOTICE("The container \"%s\" is set up", name);
 
        return 0;
@@ -3740,6 +3750,7 @@ void lxc_conf_free(struct lxc_conf *conf)
        free(conf->rootfs.options);
        free(conf->rootfs.path);
        free(conf->rootfs.data);
+       close_prot_errno_disarm(conf->rootfs.mntpt_fd);
        free(conf->logfile);
        if (conf->logfd != -1)
                close(conf->logfd);

diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index 5de2aa2bf2990852f294656267c509d88dfdcac4..bfdf3be314ae438b8531ed2d03f60b3aff7ce789 100644 (file)
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -146,8 +146,10 @@ struct lxc_tty_info {
  * @mountflags : the portion of @options that are flags
  * @data       : the portion of @options that are not flags
  * @managed    : whether it is managed by LXC
+ * @mntpt_fd   : fd for @mount
  */
 struct lxc_rootfs {
+       int mntpt_fd;
        char *path;
        char *mount;
        char *bdev_type;