From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Wed, 17 Mar 2021 15:43:15 +0000 (+0100)
Subject: conf: verify that the rootfs can support idmapped mounts
X-Git-Tag: lxc-5.0.0~197^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=657ed14a989b0e7883cca0f6508a9350b38c1944;p=thirdparty%2Flxc.git

conf: verify that the rootfs can support idmapped mounts

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index e3096d257..baacf9289 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -494,6 +494,12 @@ int lxc_rootfs_prepare(struct lxc_rootfs *rootfs, bool userns)
 	struct statfs stfs;
 
 	if (!is_empty_string(rootfs->mnt_opts.userns_path)) {
+		if (!rootfs->path)
+			return syserror_set(-EINVAL, "Idmapped rootfs currently only supported with separate rootfs for container");
+
+		if (rootfs->bdev_type && !strequal(rootfs->bdev_type, "dir"))
+			return syserror_set(-EINVAL, "Idmapped rootfs currently only supports the \"dir\" storage driver");
+
 		fd_userns = open_at(-EBADF, rootfs->mnt_opts.userns_path,
 				    PROTECT_OPEN_WITH_TRAILING_SYMLINKS, 0, 0);
 		if (fd_userns < 0)