From: Daniel P. Berrange <berrange@redhat.com>
Date: Tue, 12 Jun 2012 20:26:37 +0000 (-0400)
Subject: Always pivot_root event if the new root source is '/'
X-Git-Tag: v0.9.13-rc1~73
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e9d8861e586b3d173a82e1e48e5853e7877c4945;p=thirdparty%2Flibvirt.git

Always pivot_root event if the new root source is '/'

This reverts

  commit c16b4c43fcdd8ec02581f38377983b2e0925bfcd
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Fri May 11 15:09:27 2012 +0100

    Avoid LXC pivot root in the root source is still /

This commit broke setup of /dev, because the code which
deals with setting up a private /dev and /dev/pts only
works if you do a pivotroot.

The original intent of avoiding the pivot root was to
try and ensure the new root has a minimumal mount
tree. The better way todo this is to just unmount the
bits we don't want (ie old /proc & /sys subtrees.
So apply the logic from

  commit c529b47a756960d332fbe9903943dae855e7b949
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Fri May 11 11:35:28 2012 +0100

    Trim /proc & /sys subtrees before mounting new instances

to the pivot_root codepath as well
---

diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index a1714c0971..4fbceb4bd9 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -1328,6 +1328,13 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef,
     if (lxcContainerPivotRoot(root) < 0)
         goto cleanup;
 
+    /* Gets rid of any existing stuff under /proc, since we need new
+     * namespace aware versions of those. We must do /proc second
+     * otherwise we won't find /proc/mounts :-) */
+    if (lxcContainerUnmountSubtree("/sys", false) < 0 ||
+        lxcContainerUnmountSubtree("/proc", false) < 0)
+        goto cleanup;
+
     /* Mounts the core /proc, /sys, etc filesystems */
     if (lxcContainerMountBasicFS(vmDef, true, securityDriver) < 0)
         goto cleanup;
@@ -1455,11 +1462,7 @@ static int lxcContainerSetupMounts(virDomainDefPtr vmDef,
     if (lxcContainerResolveSymlinks(vmDef) < 0)
         return -1;
 
-    /* If the user has specified a dst '/' with a source of '/'
-     * then we don't really want to go down the pivot root
-     * path, as we're just tuning the existing root
-     */
-    if (root && root->src && STRNEQ(root->src, "/"))
+    if (root && root->src)
         return lxcContainerSetupPivotRoot(vmDef, root, ttyPaths, nttyPaths, securityDriver);
     else
         return lxcContainerSetupExtraMounts(vmDef, root, securityDriver);