From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Wed, 27 Jan 2021 15:46:56 +0000 (+0100)
Subject: conf: move proc and sys mountpoint creation int lxc_mount_auto_mounts()
X-Git-Tag: lxc-5.0.0~315^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f4bea7cc76c4ec0b1abbfb7f57eb623b625ccc6a;p=thirdparty%2Flxc.git

conf: move proc and sys mountpoint creation int lxc_mount_auto_mounts()

Fixes: 493e00b68da4 ("mkdir -p /proc /sys on container startup")
Cc: stable-4.0
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 5cbad6cdf..f37d35c3b 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -642,6 +642,20 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha
         struct lxc_rootfs *rootfs = &conf->rootfs;
         bool has_cap_net_admin;
 
+        if (flags & LXC_AUTO_PROC_MASK) {
+		ret = mkdirat(rootfs->mntpt_fd, "proc" , S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
+		if (ret < 0 && errno != EEXIST)
+			return log_error_errno(-errno, errno,
+					       "Failed to create proc mountpoint under %d", rootfs->mntpt_fd);
+	}
+
+	if (flags & LXC_AUTO_SYS_MASK) {
+		ret = mkdirat(rootfs->mntpt_fd, "sys" , S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
+		if (ret < 0 && errno != EEXIST)
+			return log_error_errno(-errno, errno,
+					       "Failed to create sysfs mountpoint under %d", rootfs->mntpt_fd);
+	}
+
         has_cap_net_admin = lxc_wants_cap(CAP_NET_ADMIN, conf);
         for (i = 0; default_mounts[i].match_mask; i++) {
 		__do_free char *destination = NULL, *source = NULL;
@@ -3280,24 +3294,6 @@ int lxc_setup(struct lxc_handler *handler)
 	if (ret < 0)
 		return log_error(-1, "Failed to setup rootfs");
 
-	/* Create mountpoints for /proc and /sys. */
-	char path[PATH_MAX];
-	char *rootfs_path = lxc_conf->rootfs.path ? lxc_conf->rootfs.mount : "";
-
-	ret = snprintf(path, sizeof(path), "%s/proc", rootfs_path);
-	if (ret < 0 || (size_t)ret >= sizeof(path))
-		return log_error(-1, "Path to /proc too long");
-	ret = mkdir(path, 0755);
-	if (ret < 0 && errno != EEXIST)
-		return log_error_errno(-1, errno, "Failed to create \"/proc\" directory");
-
-	ret = snprintf(path, sizeof(path), "%s/sys", rootfs_path);
-	if (ret < 0 || (size_t)ret >= sizeof(path))
-		return log_error(-1, "Path to /sys too long");
-	ret = mkdir(path, 0755);
-	if (ret < 0 && errno != EEXIST)
-		return log_error_errno(-1, errno, "Failed to create \"/sys\" directory");
-
 	if (handler->nsfd[LXC_NS_UTS] == -EBADF) {
 		ret = setup_utsname(lxc_conf->utsname);
 		if (ret < 0)
@@ -3364,12 +3360,13 @@ int lxc_setup(struct lxc_handler *handler)
 	if (lxc_conf->is_execute) {
 		if (execveat_supported()) {
 			int fd;
+			char path[STRLITERALLEN(SBINDIR) + STRLITERALLEN("/init.lxc.static") + 1];
 
-			ret = snprintf(path, PATH_MAX, SBINDIR "/init.lxc.static");
+			ret = snprintf(path, sizeof(path), SBINDIR "/init.lxc.static");
 			if (ret < 0 || ret >= PATH_MAX)
 				return log_error(-1, "Path to init.lxc.static too long");
 
-			fd = open(path, O_PATH | O_CLOEXEC);
+			fd = open(path, O_NOCTTY | O_NOFOLLOW | O_CLOEXEC | O_PATH);
 			if (fd < 0)
 				return log_error_errno(-1, errno, "Unable to open lxc.init.static");