conf: tweak rootfs handling

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 5079c87b7af8cf24d6c8c07429273adf7ac3979c..7a248c2685b8d33c180990cd369ac0bf794856ae 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -543,31 +543,25 @@ int lxc_rootfs_init(struct lxc_conf *conf, bool userns)
                        return syserror_set(-EINVAL, "Idmapped rootfs currently only supports the \"dir\" storage driver");
        }
 
-       if (rootfs->path) {
-               if (rootfs->bdev_type) {
-                       if (strequal(rootfs->bdev_type, "overlay") || strequal(rootfs->bdev_type, "overlayfs"))
-                               return log_trace_errno(0, EINVAL, "Not pinning on stacking filesystem");
-                       if (strequal(rootfs->bdev_type, "zfs"))
-                               return log_trace_errno(0, EINVAL, "Not pinning on ZFS filesystem");
-               }
+       if (!rootfs->path)
+               return log_trace(0, "Not pinning because container does not have a rootfs");
 
-               dfd_path = open_at(-EBADF, rootfs->path, PROTECT_OPATH_FILE, 0, 0);
-       } else {
-               dfd_path = open_at(-EBADF, "/", PROTECT_OPATH_FILE, PROTECT_LOOKUP_ABSOLUTE, 0);
-       }
-       if (dfd_path < 0)
-               return syserror("Failed to open \"%s\"", rootfs->path);
+       if (userns)
+               return log_trace(0, "Not pinning because container runs in user namespace");
 
-       if (!rootfs->path) {
-               TRACE("Not pinning because container does not have a rootfs");
-               goto out;
-       }
+       if (rootfs->bdev_type) {
+               if (strequal(rootfs->bdev_type, "overlay") ||
+                   strequal(rootfs->bdev_type, "overlayfs"))
+                       return log_trace_errno(0, EINVAL, "Not pinning on stacking filesystem");
 
-       if (userns) {
-               TRACE("Not pinning because container runs in user namespace");
-               goto out;
+               if (strequal(rootfs->bdev_type, "zfs"))
+                       return log_trace_errno(0, EINVAL, "Not pinning on ZFS filesystem");
        }
 
+       dfd_path = open_at(-EBADF, rootfs->path, PROTECT_OPATH_FILE, 0, 0);
+       if (dfd_path < 0)
+               return syserror("Failed to open \"%s\"", rootfs->path);
+
        ret = fstat(dfd_path, &st);
        if (ret < 0)
                return log_trace_errno(-errno, errno, "Failed to retrieve file status");
@@ -735,6 +729,8 @@ static int lxc_mount_auto_mounts(struct lxc_handler *handler, int flags)
                ret = mkdirat(rootfs->dfd_mnt, "proc" , S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
                if (ret < 0 && errno != EEXIST)
                        return syserror("Failed to create procfs mountpoint under %d", rootfs->dfd_mnt);
+
+               TRACE("Created procfs mountpoint under %d", rootfs->dfd_mnt);
        }
 
        if (flags & LXC_AUTO_SYS_MASK) {
@@ -756,6 +752,8 @@ static int lxc_mount_auto_mounts(struct lxc_handler *handler, int flags)
                ret = mkdirat(rootfs->dfd_mnt, "sys" , S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
                if (ret < 0 && errno != EEXIST)
                        return syserror("Failed to create sysfs mountpoint under %d", rootfs->dfd_mnt);
+
+               TRACE("Created sysfs mountpoint under %d", rootfs->dfd_mnt);
        }
 
         has_cap_net_admin = lxc_wants_cap(CAP_NET_ADMIN, conf);
@@ -1239,7 +1237,6 @@ static int mount_autodev(const char *name, const struct lxc_rootfs *rootfs,
                goto reset_umask;
        }
 
-
        /* If we are running on a devtmpfs mapping, dev/pts may already exist.
         * If not, then create it and exit if that fails...
         */
@@ -1393,7 +1390,7 @@ static int lxc_mount_rootfs(struct lxc_rootfs *rootfs)
                if (rootfs->dfd_mnt < 0)
                        return -errno;
 
-               return 0;
+               return log_trace(0, "Container doesn't use separate rootfs. Opened host's rootfs");
        }
 
        ret = access(rootfs->mount, F_OK);
@@ -1415,7 +1412,7 @@ static int lxc_mount_rootfs(struct lxc_rootfs *rootfs)
        if (rootfs->dfd_mnt < 0)
                return -errno;
 
-       return 0;
+       return log_trace(0, "Container uses separate rootfs. Opened container's rootfs");
 }
 
 static int lxc_chroot(const struct lxc_rootfs *rootfs)