conf: simplify dependent mount logic

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 1be71a8656312cc31c0a0da95ec3b0cb86d0ae5b..bdf7474763904550a6a3c302a35dacb875421c02 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -3111,7 +3111,7 @@ void tmp_proc_unmount(struct lxc_conf *lxc_conf)
 }
 
 /* Walk /proc/mounts and change any shared entries to dependent mounts. */
-void turn_into_dependent_mounts(void)
+static void turn_into_dependent_mounts(const struct lxc_rootfs *rootfs)
 {
        __do_free char *line = NULL;
        __do_fclose FILE *f = NULL;
@@ -3120,9 +3120,10 @@ void turn_into_dependent_mounts(void)
        ssize_t copied;
        int ret;
 
-       mntinfo_fd = open("/proc/self/mountinfo", O_RDONLY | O_CLOEXEC);
+       mntinfo_fd = open_at(rootfs->dfd_host, "proc/self/mountinfo", PROTECT_OPEN,
+                            (PROTECT_LOOKUP_BENEATH_XDEV & ~RESOLVE_NO_SYMLINKS), 0);
        if (mntinfo_fd < 0) {
-               SYSERROR("Failed to open \"/proc/self/mountinfo\"");
+               SYSERROR("Failed to open %d/proc/self/mountinfo", rootfs->dfd_host);
                return;
        }
 
@@ -3187,7 +3188,6 @@ void turn_into_dependent_mounts(void)
                        SYSERROR("Failed to recursively turn old root mount tree into dependent mount. Continuing...");
                        continue;
                }
-               TRACE("Recursively turned old root mount tree into dependent mount");
        }
        TRACE("Turned all mount table entries into dependent mount");
 }
@@ -3256,10 +3256,13 @@ int lxc_setup_rootfs_prepare_root(struct lxc_conf *conf, const char *name,
        if (conf->rootfs.dfd_host < 0)
                return log_error_errno(-errno, errno, "Failed to open \"/\"");
 
+       turn_into_dependent_mounts(&conf->rootfs);
+
        if (conf->rootfs_setup) {
                const char *path = conf->rootfs.mount;
 
-               /* The rootfs was set up in another namespace. bind-mount it to
+               /*
+                * The rootfs was set up in another namespace. bind-mount it to
                 * give us a mount in our own ns so we can pivot_root to it
                 */
                ret = mount(path, path, "rootfs", MS_BIND, NULL);
@@ -3273,8 +3276,6 @@ int lxc_setup_rootfs_prepare_root(struct lxc_conf *conf, const char *name,
                return log_trace(0, "Bind mounted container / onto itself");
        }
 
-       turn_into_dependent_mounts();
-
        ret = run_lxc_hooks(name, "pre-mount", conf, NULL);
        if (ret < 0)
                return log_error(-1, "Failed to run pre-mount hooks");

diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index 6026344146c4fa38363a736a0350e5f176650b93..31f072d393358a546fe3ced0a4a4e954fbbc8608 100644 (file)
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -514,7 +514,6 @@ __hidden extern int userns_exec_full(struct lxc_conf *conf, int (*fn)(void *), v
 __hidden extern int parse_mntopts(const char *mntopts, unsigned long *mntflags, char **mntdata);
 __hidden extern int parse_propagationopts(const char *mntopts, unsigned long *pflags);
 __hidden extern void tmp_proc_unmount(struct lxc_conf *lxc_conf);
-__hidden extern void turn_into_dependent_mounts(void);
 __hidden extern void suggest_default_idmap(void);
 __hidden extern FILE *make_anonymous_mount_file(struct lxc_list *mount, bool include_nesting_helpers);
 __hidden extern struct lxc_list *sort_cgroup_settings(struct lxc_list *cgroup_settings);

diff --git a/src/lxc/start.c b/src/lxc/start.c
index f2737a2de630a270f5b882d6d5c5a734d26bd058..3dc579e1d03e83e38a694bf96da3a420bd38468c 100644 (file)
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -2050,7 +2050,6 @@ int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops,
                        }
                        INFO("Unshared CLONE_NEWNS");
 
-                       turn_into_dependent_mounts();
                        ret = lxc_setup_rootfs_prepare_root(conf, name, lxcpath);
                        if (ret < 0) {
                                ERROR("Error setting up rootfs mount as root before spawn");