]> git.ipfire.org Git - thirdparty/lxc.git/commitdiff
projects / thirdparty / lxc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 86087bd)
conf: start stashing dfd to host's / during container setup
authorChristian Brauner <christian.brauner@ubuntu.com>
Thu, 4 Feb 2021 14:56:37 +0000 (15:56 +0100)
committerChristian Brauner <christian.brauner@ubuntu.com>
Thu, 4 Feb 2021 18:49:22 +0000 (19:49 +0100)
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
src/lxc/conf.c patch | blob | blame | history
src/lxc/conf.h patch | blob | blame | history

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 625fe62ff90e6e34c959ab19b95293aef1299bdd..0684058be78ed57890b2faa39e3b58bd8ba9f86d 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2612,6 +2612,7 @@ struct lxc_conf *lxc_conf_init(void)
        new->rootfs.managed = true;
        new->rootfs.mntpt_fd = -EBADF;
        new->rootfs.dev_mntpt_fd = -EBADF;
+       new->rootfs.dfd_root_host = -EBADF;
        new->logfd = -1;
        lxc_list_init(&new->cgroup);
        lxc_list_init(&new->cgroup2);
@@ -3184,6 +3185,10 @@ int lxc_setup_rootfs_prepare_root(struct lxc_conf *conf, const char *name,
 {
        int ret;
 
+       conf->rootfs.dfd_root_host = open_at(-EBADF, "/", PROTECT_OPATH_DIRECTORY, PROTECT_LOOKUP_ABSOLUTE, 0);
+       if (conf->rootfs.dfd_root_host < 0)
+               return log_error_errno(-errno, errno, "Failed to open \"/\"");
+
        if (conf->rootfs_setup) {
                const char *path = conf->rootfs.mount;
 
@@ -3514,6 +3519,7 @@ int lxc_setup(struct lxc_handler *handler)
 
        close_prot_errno_disarm(lxc_conf->rootfs.mntpt_fd)
        close_prot_errno_disarm(lxc_conf->rootfs.dev_mntpt_fd)
+       close_prot_errno_disarm(lxc_conf->rootfs.dfd_root_host)
        NOTICE("The container \"%s\" is set up", name);
 
        return 0;
@@ -3879,6 +3885,7 @@ void lxc_conf_free(struct lxc_conf *conf)
        free(conf->rootfs.data);
        close_prot_errno_disarm(conf->rootfs.mntpt_fd);
        close_prot_errno_disarm(conf->rootfs.dev_mntpt_fd);
+       close_prot_errno_disarm(conf->rootfs.dfd_root_host);
        free(conf->logfile);
        if (conf->logfd != -1)
                close(conf->logfd);
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index 3b45f0e61ee2642e570f9edb0d2eb091b1cdac1f..b5ba71e7c7999030c0b954118a7a62812b5071bf 100644 (file)
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -194,6 +194,7 @@ struct lxc_tty_info {
  * @dev_mntpt_fd : fd for /dev of the container
  */
 struct lxc_rootfs {
+       int dfd_root_host;
        int mntpt_fd;
        int dev_mntpt_fd;
        char *path;
Mirror of https://github.com/lxc/lxc.git