From: Serge Hallyn <serge.hallyn@ubuntu.com>
Date: Fri, 1 Nov 2013 17:17:52 +0000 (-0500)
Subject: always remount / rslave before running creation template (if root)
X-Git-Tag: lxc-1.0.0.alpha3~36
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4de2791fa7dcc6d4cd445f3c6678623a998b18e2;p=thirdparty%2Flxc.git

always remount / rslave before running creation template (if root)

If we're not root, our mounts in private userns won't get pushed
back anyway.  If we are root, we need to make sure that anything
the template does gets cleaned up.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
---

diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 8b81a6346..946133d87 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -24,6 +24,7 @@
 #include <unistd.h>
 #include <sys/types.h>
 #include <sys/wait.h>
+#include <sys/mount.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <sched.h>
@@ -833,11 +834,23 @@ static bool create_run_template(struct lxc_container *c, char *tpath, bool quiet
 			exit(1);
 		}
 
-		if (strcmp(bdev->type, "dir") != 0) {
+		if (geteuid() == 0) {
 			if (unshare(CLONE_NEWNS) < 0) {
 				ERROR("error unsharing mounts");
 				exit(1);
 			}
+			if (detect_shared_rootfs()) {
+				if (mount("", "", NULL, MS_SLAVE|MS_REC, 0)) {
+					SYSERROR("Failed to make / rslave to run template");
+					ERROR("Continuing...");
+				}
+			}
+		}
+		if (strcmp(bdev->type, "dir") != 0) {
+			if (geteuid() != 0) {
+				ERROR("non-root users can only create directory-backed containers");
+				exit(1);
+			}
 			if (bdev->ops->mount(bdev) < 0) {
 				ERROR("Error mounting rootfs");
 				exit(1);