}
static int mount_entry_on_absolute_rootfs(struct mntent *mntent,
- const struct lxc_rootfs *rootfs)
+ const struct lxc_rootfs *rootfs,
+ const char *lxc_name)
{
char *aux;
char path[MAXPATHLEN];
unsigned long mntflags;
char *mntdata;
- int ret = 0;
+ int r, ret = 0, offset;
if (parse_mntopts(mntent->mnt_opts, &mntflags, &mntdata) < 0) {
ERROR("failed to parse mount option '%s'", mntent->mnt_opts);
return -1;
}
+ /* if rootfs->path is a blockdev path, allow container fstab to
+ * use /var/lib/lxc/CN/rootfs as the target prefix */
+ r = snprintf(path, MAXPATHLEN, "/var/lib/lxc/%s/rootfs", lxc_name);
+ if (r < 0 || r >= MAXPATHLEN)
+ goto skipvarlib;
+
+ aux = strstr(mntent->mnt_dir, path);
+ if (aux) {
+ offset = strlen(path);
+ goto skipabs;
+ }
+
+skipvarlib:
aux = strstr(mntent->mnt_dir, rootfs->path);
if (!aux) {
WARN("ignoring mount point '%s'", mntent->mnt_dir);
goto out;
}
+ offset = strlen(rootfs->path);
+
+skipabs:
snprintf(path, MAXPATHLEN, "%s/%s", rootfs->mount,
- aux + strlen(rootfs->path));
+ aux + offset);
+ if (r < 0 || r >= MAXPATHLEN) {
+ WARN("pathnme too long for '%s'", mntent->mnt_dir);
+ ret = -1;
+ goto out;
+ }
+
ret = mount_entry(mntent->mnt_fsname, path, mntent->mnt_type,
mntflags, mntdata);
return ret;
}
-static int mount_file_entries(const struct lxc_rootfs *rootfs, FILE *file)
+static int mount_file_entries(const struct lxc_rootfs *rootfs, FILE *file,
+ const char *lxc_name)
{
struct mntent *mntent;
int ret = -1;
continue;
}
- if (mount_entry_on_absolute_rootfs(mntent, rootfs))
+ if (mount_entry_on_absolute_rootfs(mntent, rootfs, lxc_name))
goto out;
}
return ret;
}
-static int setup_mount(const struct lxc_rootfs *rootfs, const char *fstab)
+static int setup_mount(const struct lxc_rootfs *rootfs, const char *fstab,
+ const char *lxc_name)
{
FILE *file;
int ret;
return -1;
}
- ret = mount_file_entries(rootfs, file);
+ ret = mount_file_entries(rootfs, file, lxc_name);
endmntent(file);
return ret;
}
-static int setup_mount_entries(const struct lxc_rootfs *rootfs, struct lxc_list *mount)
+static int setup_mount_entries(const struct lxc_rootfs *rootfs, struct lxc_list *mount,
+ const char *lxc_name)
{
FILE *file;
struct lxc_list *iterator;
rewind(file);
- ret = mount_file_entries(rootfs, file);
+ ret = mount_file_entries(rootfs, file, lxc_name);
fclose(file);
return ret;
return -1;
}
- if (setup_mount(&lxc_conf->rootfs, lxc_conf->fstab)) {
+ if (setup_mount(&lxc_conf->rootfs, lxc_conf->fstab, name)) {
ERROR("failed to setup the mounts for '%s'", name);
return -1;
}
- if (setup_mount_entries(&lxc_conf->rootfs, &lxc_conf->mount_list)) {
+ if (setup_mount_entries(&lxc_conf->rootfs, &lxc_conf->mount_list, name)) {
ERROR("failed to setup the mount entries for '%s'", name);
return -1;
}
lxc.cgroup.devices.allow = c 254:0 rwm
# mounts point
-lxc.mount.entry=proc $rootfs/proc proc nodev,noexec,nosuid 0 0
-lxc.mount.entry=sysfs $rootfs/sys sysfs defaults 0 0
+lxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0
+lxc.mount.entry=sysfs sys sysfs defaults 0 0
EOF
if [ $? -ne 0 ]; then
EOF
cat <<EOF > $config_path/fstab
-proc $rootfs_path/proc proc nodev,noexec,nosuid 0 0
-devpts $rootfs_path/dev/pts devpts defaults 0 0
-sysfs $rootfs_path/sys sysfs defaults 0 0
+proc proc proc nodev,noexec,nosuid 0 0
+devpts dev/pts devpts defaults 0 0
+sysfs sys sysfs defaults 0 0
EOF
if [ $? -ne 0 ]; then
echo "Failed to add configuration"
lxc.cgroup.devices.allow = c 254:0 rwm
# mounts point
-lxc.mount.entry=proc $rootfs/proc proc nodev,noexec,nosuid 0 0
-lxc.mount.entry=sysfs $rootfs/sys sysfs defaults 0 0
+lxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0
+lxc.mount.entry=sysfs sys sysfs defaults 0 0
EOF
if [ $? -ne 0 ]; then
EOF
cat <<EOF > $path/fstab
-proc $rootfs/proc proc nodev,noexec,nosuid 0 0
-sysfs $rootfs/sys sysfs defaults 0 0
+proc proc proc nodev,noexec,nosuid 0 0
+sysfs sys sysfs defaults 0 0
EOF
if [ $? -ne 0 ]; then
lxc.utsname = $name
lxc.pts = 1024
lxc.rootfs = $rootfs
-lxc.mount.entry=/dev $rootfs/dev none ro,bind 0 0
-lxc.mount.entry=/lib $rootfs/lib none ro,bind 0 0
-lxc.mount.entry=/bin $rootfs/bin none ro,bind 0 0
-lxc.mount.entry=/usr /$rootfs/usr none ro,bind 0 0
-lxc.mount.entry=/sbin $rootfs/sbin none ro,bind 0 0
-lxc.mount.entry=tmpfs $rootfs/var/run/sshd tmpfs mode=0644 0 0
-lxc.mount.entry=@LXCTEMPLATEDIR@/lxc-sshd $rootfs/sbin/init none bind 0 0
+lxc.mount.entry=/dev dev none ro,bind 0 0
+lxc.mount.entry=/lib lib none ro,bind 0 0
+lxc.mount.entry=/bin bin none ro,bind 0 0
+lxc.mount.entry=/usr usr none ro,bind 0 0
+lxc.mount.entry=/sbin sbin none ro,bind 0 0
+lxc.mount.entry=tmpfs var/run/sshd tmpfs mode=0644 0 0
+lxc.mount.entry=@LXCTEMPLATEDIR@/lxc-sshd sbin/init none bind 0 0
EOF
if [ "$(uname -m)" = "x86_64" ]; then
cat <<EOF >> $path/config
-lxc.mount.entry=/lib64 $rootfs/lib64 none ro,bind 0 0
+lxc.mount.entry=/lib64 lib64 none ro,bind 0 0
EOF
fi
}
EOF
cat <<EOF > $path/fstab
-proc $rootfs/proc proc nodev,noexec,nosuid 0 0
-sysfs $rootfs/sys sysfs defaults 0 0
+proc proc proc nodev,noexec,nosuid 0 0
+sysfs sys sysfs defaults 0 0
EOF
return 0
EOF
cat <<EOF > $path/fstab
-proc $rootfs/proc proc nodev,noexec,nosuid 0 0
-sysfs $rootfs/sys sysfs defaults 0 0
+proc proc proc nodev,noexec,nosuid 0 0
+sysfs sys sysfs defaults 0 0
EOF
if [ $? -ne 0 ]; then
# bind-mount the user's path into the container's /home
h=`getent passwd $user | cut -d: -f 6`
mkdir -p $rootfs/$h
- echo "$h $rootfs/$h none bind 0 0" >> $path/fstab
+ echo "$h $h none bind 0 0" >> $path/fstab
# Make sure the group exists in container
grp=`echo $pwd | cut -d: -f 4` # group number for $user
projects / thirdparty / lxc.git / commitdiff
