]> git.ipfire.org Git - thirdparty/libvirt.git/commitdiff
projects / thirdparty / libvirt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 198c992)
Ensure we always setup a private mount namespace for LXC controller
authorDaniel P. Berrange <berrange@redhat.com>
Mon, 7 Jan 2013 18:14:34 +0000 (18:14 +0000)
committerDaniel P. Berrange <berrange@redhat.com>
Mon, 7 Jan 2013 18:14:34 +0000 (18:14 +0000)
The code for setting up a private /dev/pts for the containers
is also responsible for making the LXC controller have a
private mount namespace. Unfortunately the /dev/pts code is
not run if launching a container without a custom root. This
causes the LXC FUSE mount to leak into the host FS.

src/lxc/lxc_controller.c patch | blob | blame | history

diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index c9d96b34e760ccb79ebc4f0175b7ea3b3acde644..a1c264c49a4b23db552f068c9a5a157c0c0a2028 100644 (file)
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -1142,6 +1142,29 @@ cleanup:
 }
 
 
+static int
+virLXCControllerSetupPrivateNS(void)
+{
+    int ret = -1;
+
+    if (unshare(CLONE_NEWNS) < 0) {
+        virReportSystemError(errno, "%s",
+                             _("Cannot unshare mount namespace"));
+        goto cleanup;
+    }
+
+    if (mount("", "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) {
+        virReportSystemError(errno, "%s",
+                             _("Failed to switch root mount into slave mode"));
+        goto cleanup;
+    }
+
+    ret = 0;
+cleanup:
+    return ret;
+}
+
+
 static int
 virLXCControllerSetupDevPTS(virLXCControllerPtr ctrl)
 {
@@ -1193,18 +1216,6 @@ virLXCControllerSetupDevPTS(virLXCControllerPtr ctrl)
         goto cleanup;
     }
 
-    if (unshare(CLONE_NEWNS) < 0) {
-        virReportSystemError(errno, "%s",
-                             _("Cannot unshare mount namespace"));
-        goto cleanup;
-    }
-
-    if (mount("", "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) {
-        virReportSystemError(errno, "%s",
-                             _("Failed to switch root mount into slave mode"));
-        goto cleanup;
-    }
-
     if (virAsprintf(&devpts, "%s/dev/pts", root->src) < 0 ||
         virAsprintf(&ctrl->devptmx, "%s/dev/pts/ptmx", root->src) < 0) {
         virReportOOMError();
@@ -1408,6 +1419,9 @@ virLXCControllerRun(virLXCControllerPtr ctrl)
         goto cleanup;
     }
 
+    if (virLXCControllerSetupPrivateNS() < 0)
+        goto cleanup;
+
     if (virLXCControllerSetupLoopDevices(ctrl) < 0)
         goto cleanup;
 
Mirror of https://github.com/libvirt/libvirt.git