skip rootfs pinning for unprivileged containers
authorS.Çağlar Onur <caglar@10ur.org>
Thu, 16 Jan 2014 05:01:28 +0000 (00:01 -0500)
committerSerge Hallyn <serge.hallyn@ubuntu.com>
Thu, 16 Jan 2014 14:47:44 +0000 (08:47 -0600)
This is perfectly safe since you cannot unmount the host fs from
a child userns.

Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
src/lxc/start.c

index 441d0f45b50a5ae4d812f4831d307cd038fa8fe3..b09bd9b0828255702cdc1dbf12ddcd653eafb655 100644 (file)
@@ -763,11 +763,14 @@ static int lxc_spawn(struct lxc_handler *handler)
        /*
         * if the rootfs is not a blockdev, prevent the container from
         * marking it readonly.
+        *
+        * if the container is unprivileged then skip rootfs pinning
         */
-
-       handler->pinfd = pin_rootfs(handler->conf->rootfs.path);
-       if (handler->pinfd == -1)
-               INFO("failed to pin the container's rootfs");
+       if (lxc_list_empty(&handler->conf->id_map)) {
+               handler->pinfd = pin_rootfs(handler->conf->rootfs.path);
+               if (handler->pinfd == -1)
+                       INFO("failed to pin the container's rootfs");
+       }
 
        if (preserve_ns(saved_ns_fd, preserve_mask) < 0)
                goto out_delete_net;
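Review bot: On the unprivileged path (non-empty `id_map`) `handler->pinfd` is no longer assigned, so it keeps whatever value the handler was created with. The handler setup and the cleanup code are outside this hunk; if the structure is zero-filled and cleanup closes `pinfd` whenever it is `>= 0`, skipping the pin would end up closing descriptor 0. Adding `else handler->pinfd = -1;` after the `if` block, or initialising the field to -1 where the handler is allocated, keeps the "not pinned" state explicit. The new comment line could also record the reason given in the commit message, e.g. `* (a child user namespace cannot unmount the host fs, so no pin is needed)`. lxc_spawn begins and ends outside the hunk.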