From: Gao feng
Date: Wed, 20 Nov 2013 02:11:09 +0000 (+0800)
Subject: LXC: don't unmount mounts for shared root
X-Git-Tag: v1.2.0-rc2~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f575fda74832a24062e1007663d04ee2733fcbf0;p=thirdparty%2Flibvirt.git

LXC: don't unmount mounts for shared root

Also after commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942 vfs: Lock in place mounts from more privileged users, an unprivileged user has no rights to umount the mounts that are inherited from the parent mountns.

Right now, I have no good idea to fix this problem; we need to do more research. This patch just skips unmounting these mounts for shared root.

BTW, I think when libvirt lxc enables user namespace, the configuration that shares root with host is very rare.

Signed-off-by: Gao feng
---
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 3d0fac3728..c24e7fbcbf 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -1665,7 +1665,9 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef, if (lxcContainerPivotRoot(root) < 0) goto cleanup; - if (STREQ(root->src, "/") && + /* FIXME: we should find a way to unmount these mounts for container + * even user namespace is enabled. */ + if (STREQ(root->src, "/") && (!vmDef->idmap.nuidmap) && lxcContainerUnmountForSharedRoot(stateDir, vmDef->name) < 0) goto cleanup;
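
Review bot: the new `(!vmDef->idmap.nuidmap)` term in the condition in lxcContainerSetupPivotRoot makes the shared-root unmount a silent no-op when an id map is configured, so the mounts that `lxcContainerUnmountForSharedRoot(stateDir, vmDef->name)` would have removed stay mounted inside the container and nothing records that. Since the FIXME already treats this as an open gap, emit a warning at this point (for example VIR_WARN naming vmDef->name) so the reduced isolation for a shared root with user namespace enabled is visible to the administrator. The comment should also say why the unmount is skipped, namely that after kernel commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942 an unprivileged user cannot umount mounts inherited from the parent mount namespace, which at present is only in the commit message. Minor: the parentheses around `!vmDef->idmap.nuidmap` are redundant, and "even user namespace is enabled" should read "even when user namespace is enabled".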