From: Christian Brauner Date: Tue, 9 Mar 2021 09:47:49 +0000 (+0100) Subject: conf: simplify dependent mount logic X-Git-Tag: lxc-5.0.0~260^2~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ed41e764e8e7da9283b98e20ee643ea9e39808cd;p=thirdparty%2Flxc.git conf: simplify dependent mount logic Signed-off-by: Christian Brauner --- diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 1be71a865..bdf747476 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -3111,7 +3111,7 @@ void tmp_proc_unmount(struct lxc_conf *lxc_conf) } /* Walk /proc/mounts and change any shared entries to dependent mounts. */ -void turn_into_dependent_mounts(void) +static void turn_into_dependent_mounts(const struct lxc_rootfs *rootfs) { __do_free char *line = NULL; __do_fclose FILE *f = NULL; @@ -3120,9 +3120,10 @@ void turn_into_dependent_mounts(void) ssize_t copied; int ret; - mntinfo_fd = open("/proc/self/mountinfo", O_RDONLY | O_CLOEXEC); + mntinfo_fd = open_at(rootfs->dfd_host, "proc/self/mountinfo", PROTECT_OPEN, + (PROTECT_LOOKUP_BENEATH_XDEV & ~RESOLVE_NO_SYMLINKS), 0); if (mntinfo_fd < 0) { - SYSERROR("Failed to open \"/proc/self/mountinfo\""); + SYSERROR("Failed to open %d/proc/self/mountinfo", rootfs->dfd_host); return; } @@ -3187,7 +3188,6 @@ void turn_into_dependent_mounts(void) SYSERROR("Failed to recursively turn old root mount tree into dependent mount. Continuing..."); continue; } - TRACE("Recursively turned old root mount tree into dependent mount"); } TRACE("Turned all mount table entries into dependent mount"); } 
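Review bot: The comment kept above the new signature still says "Walk /proc/mounts", but the function reads `proc/self/mountinfo` relative to `rootfs->dfd_host`, so the description no longer matches the code. I would reword it to `/* Walk proc/self/mountinfo beneath rootfs->dfd_host and turn any shared entries into dependent mounts. */`. It should also state that `rootfs->dfd_host` must already be a valid directory fd, because the only caller visible in this diff checks `conf->rootfs.dfd_host < 0` just before the call. The function body continues outside this hunk.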
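Review bot: The resolve mask `(PROTECT_LOOKUP_BENEATH_XDEV & ~RESOLVE_NO_SYMLINKS)` passed to `open_at()` relaxes the lookup restrictions without saying why. Presumably symlink resolution is re-enabled because `proc/self` is itself a symlink; a comment such as `/* proc/self is a symlink, so RESOLVE_NO_SYMLINKS has to be cleared; keep the remaining restrictions */` would stop a later cleanup from tightening the mask and breaking the open, or loosening it further. The new message `"Failed to open %d/proc/self/mountinfo"` also prints the fd number as if it were a path component; `SYSERROR("Failed to open \"proc/self/mountinfo\" beneath fd %d", rootfs->dfd_host);` reads less ambiguously in logs. The function body starts and ends outside this hunk.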
@@ -3256,10 +3256,13 @@ int lxc_setup_rootfs_prepare_root(struct lxc_conf *conf, const char *name, if (conf->rootfs.dfd_host < 0) return log_error_errno(-errno, errno, "Failed to open \"/\""); + turn_into_dependent_mounts(&conf->rootfs); + if (conf->rootfs_setup) { const char *path = conf->rootfs.mount; - /* The rootfs was set up in another namespace. bind-mount it to + /* + * The rootfs was set up in another namespace. bind-mount it to * give us a mount in our own ns so we can pivot_root to it */ ret = mount(path, path, "rootfs", MS_BIND, NULL); @@ -3273,8 +3276,6 @@ int lxc_setup_rootfs_prepare_root(struct lxc_conf *conf, const char *name, return log_trace(0, "Bind mounted container / onto itself"); } - turn_into_dependent_mounts(); - ret = run_lxc_hooks(name, "pre-mount", conf, NULL); if (ret < 0) return log_error(-1, "Failed to run pre-mount hooks"); diff --git a/src/lxc/conf.h b/src/lxc/conf.h index 602634414..31f072d39 100644 --- a/src/lxc/conf.h +++ b/src/lxc/conf.h @@ -514,7 +514,6 @@ __hidden extern int userns_exec_full(struct lxc_conf *conf, int (*fn)(void *), v __hidden extern int parse_mntopts(const char *mntopts, unsigned long *mntflags, char **mntdata); __hidden extern int parse_propagationopts(const char *mntopts, unsigned long *pflags); __hidden extern void tmp_proc_unmount(struct lxc_conf *lxc_conf); -__hidden extern void turn_into_dependent_mounts(void); __hidden extern void suggest_default_idmap(void); __hidden extern FILE *make_anonymous_mount_file(struct lxc_list *mount, bool include_nesting_helpers); __hidden extern struct lxc_list *sort_cgroup_settings(struct lxc_list *cgroup_settings); diff --git a/src/lxc/start.c b/src/lxc/start.c index f2737a2de..3dc579e1d 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c 
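Review bot: The call added before the `conf->rootfs_setup` branch cannot report failure, because `turn_into_dependent_mounts()` returns void and, as the earlier hunk shows, only logs and returns when mountinfo cannot be opened. `lxc_setup_rootfs_prepare_root()` then goes on to the bind mount and the pre-mount hooks, possibly with the inherited mounts still shared, in which case mount changes made during setup may propagate outside the new mount namespace. Since this function already returns an error code, consider having the helper return an int and failing here, e.g. `ret = turn_into_dependent_mounts(&conf->rootfs); if (ret < 0) return log_error(-1, "Failed to turn mounts into dependent mounts");`. If best-effort is intended, a comment at the call site should say so. The enclosing function starts and ends outside this hunk.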
@@ -2050,7 +2050,6 @@ int __lxc_start(struct lxc_handler *handler, struct lxc_operations *ops, } INFO("Unshared CLONE_NEWNS"); - turn_into_dependent_mounts(); ret = lxc_setup_rootfs_prepare_root(conf, name, lxcpath); if (ret < 0) { ERROR("Error setting up rootfs mount as root before spawn");