From: S.Çağlar Onur Date: Thu, 16 Jan 2014 05:01:28 +0000 (-0500) Subject: skip rootfs pinning for unprivileged containers X-Git-Tag: lxc-1.0.0.beta3~105 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5e32a9901dfa74a27aaa21921e7378fd732c0757;p=thirdparty%2Flxc.git skip rootfs pinning for unprivileged containers This is perfectly safe since you cannot unmount the host fs from a child userns. Signed-off-by: S.Çağlar Onur Signed-off-by: Serge Hallyn --- diff --git a/src/lxc/start.c b/src/lxc/start.c index 441d0f45b..b09bd9b08 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -763,11 +763,14 @@ static int lxc_spawn(struct lxc_handler *handler) /* * if the rootfs is not a blockdev, prevent the container from * marking it readonly. + * + * if the container is unprivileged then skip rootfs pinning */ - - handler->pinfd = pin_rootfs(handler->conf->rootfs.path); - if (handler->pinfd == -1) - INFO("failed to pin the container's rootfs"); + if (lxc_list_empty(&handler->conf->id_map)) { + handler->pinfd = pin_rootfs(handler->conf->rootfs.path); + if (handler->pinfd == -1) + INFO("failed to pin the container's rootfs"); + } if (preserve_ns(saved_ns_fd, preserve_mask) < 0) goto out_delete_net;
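Review bot: In the new `if (lxc_list_empty(&handler->conf->id_map))` branch of lxc_spawn(), handler->pinfd is assigned only when the id_map is empty, so for a container with an id_map its value depends on initialization that this hunk does not show. Consider adding an explicit `else handler->pinfd = -1;`, or confirm that the handler is set up with pinfd at -1, so that any later code that closes the descriptor does not act on a stale value. The added comment line "if the container is unprivileged then skip rootfs pinning" also gives no reason. The existing comment says the pin exists to stop the container from marking the rootfs readonly, while the commit message justifies the skip by the inability to unmount the host fs from a child userns. It would help to put that rationale in the comment and state that the same restriction covers the readonly remount case. Finally, the test is "id_map is non-empty" rather than "caller is unprivileged", so a container started by root with an id_map configured also skips pinning. If that is intended, the comment should say "containers using a user namespace" rather than "unprivileged".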