From: Christian Brauner
Date: Thu, 4 Feb 2021 14:56:37 +0000 (+0100)
Subject: conf: start stashing dfd to host's / during container setup
X-Git-Tag: lxc-5.0.0~301^2~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a370f16bcdb160bb299b8aced7b14ac1b151bd01;p=thirdparty%2Flxc.git
conf: start stashing dfd to host's / during container setup
Signed-off-by: Christian Brauner
---
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 625fe62ff..0684058be 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -2612,6 +2612,7 @@ struct lxc_conf *lxc_conf_init(void)
 new->rootfs.managed = true;
 new->rootfs.mntpt_fd = -EBADF;
 new->rootfs.dev_mntpt_fd = -EBADF;
+ new->rootfs.dfd_root_host = -EBADF;
 new->logfd = -1;
 lxc_list_init(&new->cgroup);
 lxc_list_init(&new->cgroup2);
@@ -3184,6 +3185,10 @@ int lxc_setup_rootfs_prepare_root(struct lxc_conf *conf, const char *name,
 {
 int ret;
+ conf->rootfs.dfd_root_host = open_at(-EBADF, "/", PROTECT_OPATH_DIRECTORY, PROTECT_LOOKUP_ABSOLUTE, 0);
+ if (conf->rootfs.dfd_root_host < 0)
+ return log_error_errno(-errno, errno, "Failed to open \"/\"");
+
 if (conf->rootfs_setup) {
 const char *path = conf->rootfs.mount;
@@ -3514,6 +3519,7 @@ int lxc_setup(struct lxc_handler *handler)
 close_prot_errno_disarm(lxc_conf->rootfs.mntpt_fd)
 close_prot_errno_disarm(lxc_conf->rootfs.dev_mntpt_fd)
+ close_prot_errno_disarm(lxc_conf->rootfs.dfd_root_host)
 NOTICE("The container \"%s\" is set up", name);
 return 0;
@@ -3879,6 +3885,7 @@ void lxc_conf_free(struct lxc_conf *conf)
 free(conf->rootfs.data);
 close_prot_errno_disarm(conf->rootfs.mntpt_fd);
 close_prot_errno_disarm(conf->rootfs.dev_mntpt_fd);
+ close_prot_errno_disarm(conf->rootfs.dfd_root_host);
 free(conf->logfile);
 if (conf->logfd != -1)
 close(conf->logfd);
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index 3b45f0e61..b5ba71e7c 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
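Review bot: In lxc_setup_rootfs_prepare_root() the new open_at() leaves a directory fd for the host's / in conf->rootfs.dfd_root_host, and the only closes this commit adds are at the end of lxc_setup()'s success path and in lxc_conf_free(). Any failure return between the open and that point (the function body continues outside the hunk, and lxc_setup()'s earlier returns are not visible) keeps a host-root descriptor alive in a process that is setting up the container, so the intended lifetime should be stated and checked. Whether PROTECT_OPATH_DIRECTORY includes O_CLOEXEC is not shown here and should be confirmed. I would add above the call: `/* host "/" dirfd: must be O_CLOEXEC and closed before the container's init is exec'ed */`.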
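Review bot: The added `close_prot_errno_disarm(lxc_conf->rootfs.dfd_root_host)` in lxc_setup() has no trailing semicolon, while the same call in the lxc_conf_free() hunk is written with one. It copies the two context lines above it, so it presumably compiles because the macro expands to a complete block, but that definition is not visible here. Writing it as `close_prot_errno_disarm(lxc_conf->rootfs.dfd_root_host);` keeps the call sites uniform and stops the statement depending on the macro's expansion. lxc_setup()'s body starts outside the hunk.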
@@ -194,6 +194,7 @@ struct lxc_tty_info {
 * @dev_mntpt_fd : fd for /dev of the container
 */
 struct lxc_rootfs {
+ int dfd_root_host;
 int mntpt_fd;
 int dev_mntpt_fd;
 char *path;
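Review bot: The new `dfd_root_host` member of struct lxc_rootfs is not described in the member comment that ends directly above the struct, where `@dev_mntpt_fd` is listed. Because this fd refers to the host's / rather than to anything inside the container, its ownership is worth a line, for example ` * @dfd_root_host : fd for / of the host, held only during container setup` (the lifetime is inferred from the closes added in lxc_setup() and lxc_conf_free()). The comment block starts outside the hunk, so the entry's position among the others has to be chosen against the full file.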