From: Daniel P. Berrange Date: Fri, 11 May 2012 14:09:27 +0000 (+0100) Subject: Avoid LXC pivot root in the root source is still / X-Git-Tag: v0.9.13-rc1~252 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c16b4c43fcdd8ec02581f38377983b2e0925bfcd;p=thirdparty%2Flibvirt.git Avoid LXC pivot root in the root source is still / If the LXC config has a filesystem then there is no need to go down the pivot root codepath. We can simply use the existing root as needed. Signed-off-by: Daniel P. Berrange --- diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 2076c04d15..0e22de5a95 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -1137,6 +1137,7 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef, /* Nothing mapped to /, we're using the main root, but with extra stuff mapped in */ static int lxcContainerSetupExtraMounts(virDomainDefPtr vmDef, + virDomainFSDefPtr root, virSecurityManagerPtr securityDriver) { VIR_DEBUG("def=%p", vmDef); @@ -1151,6 +1152,14 @@ static int lxcContainerSetupExtraMounts(virDomainDefPtr vmDef, return -1; } + if (root && root->readonly) { + if (mount("", "/", NULL, MS_BIND|MS_REC|MS_RDONLY|MS_REMOUNT, NULL) < 0) { + virReportSystemError(errno, "%s", + _("Failed to make root readonly")); + return -1; + } + } + VIR_DEBUG("Mounting config FS"); if (lxcContainerMountAllFS(vmDef, "", false) < 0) return -1; 
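Review bot: The comment above lxcContainerSetupExtraMounts still says "Nothing mapped to /", which no longer holds now that the function takes a `root` argument describing a filesystem with dst `/` and source `/`. I would reword it along the lines of `/* Either nothing is mapped to /, or / is mapped to the host's own /; we keep the main root and map extra stuff in */` and note that `root` may be NULL. The function body continues outside this hunk.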
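Review bot: The remount added in the second hunk, `mount("", "/", NULL, MS_BIND|MS_REC|MS_RDONLY|MS_REMOUNT, NULL)`, only changes the mount at `/`, because MS_REC is not applied on a remount. Any filesystem mounted below the host root (a separate /home or /var, for instance) therefore keeps its writable flag inside the container. Since this code path shares the host's root tree, a reader of the config will take `readonly` to cover everything below `/`. Either walk the container's mount table and remount each submount read-only too, or at least state the limit in a comment such as `/* NB: only the / mount itself becomes read-only; submounts keep their own flags */`. Whether the container keeps the capability to remount `/` read-write afterwards is not visible in this hunk and is worth checking alongside.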
@@ -1192,10 +1201,14 @@ static int lxcContainerSetupMounts(virDomainDefPtr vmDef, if (lxcContainerResolveSymlinks(vmDef) < 0) return -1; - if (root) + /* If the user has specified a dst '/' with a source of '/' + * then we don't really want to go down the pivot root + * path, as we're just tuning the existing root + */ + if (root && root->src && STRNEQ(root->src, "/")) return lxcContainerSetupPivotRoot(vmDef, root, ttyPaths, nttyPaths, securityDriver); else - return lxcContainerSetupExtraMounts(vmDef, securityDriver); + return lxcContainerSetupExtraMounts(vmDef, root, securityDriver); }
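Review bot: A root entry whose `src` is NULL now takes the else branch, so the container runs on the host's root filesystem, which is the least isolated outcome for a configuration that asked for its own `/`. Whether such an entry can reach lxcContainerSetupMounts is not visible here. If it can, I would fail closed before the branch instead of falling through, with a check of the form `if (root && !root->src)` that reports an error and returns -1. The test is also a plain string comparison, so spellings such as `//` or `/.` still select the pivot-root path. That errs on the safe side, but the comment should say that only the literal `/` means "share the host root".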