From: Christian Brauner Date: Wed, 12 May 2021 07:34:26 +0000 (+0200) Subject: conf: tweak rootfs handling X-Git-Tag: lxc-5.0.0~170^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F3840%2Fhead;p=thirdparty%2Flxc.git conf: tweak rootfs handling Signed-off-by: Christian Brauner --- diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 5079c87b7..7a248c268 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -543,31 +543,25 @@ int lxc_rootfs_init(struct lxc_conf *conf, bool userns) return syserror_set(-EINVAL, "Idmapped rootfs currently only supports the \"dir\" storage driver"); } - if (rootfs->path) { - if (rootfs->bdev_type) { - if (strequal(rootfs->bdev_type, "overlay") || strequal(rootfs->bdev_type, "overlayfs")) - return log_trace_errno(0, EINVAL, "Not pinning on stacking filesystem"); - if (strequal(rootfs->bdev_type, "zfs")) - return log_trace_errno(0, EINVAL, "Not pinning on ZFS filesystem"); - } + if (!rootfs->path) + return log_trace(0, "Not pinning because container does not have a rootfs"); - dfd_path = open_at(-EBADF, rootfs->path, PROTECT_OPATH_FILE, 0, 0); - } else { - dfd_path = open_at(-EBADF, "/", PROTECT_OPATH_FILE, PROTECT_LOOKUP_ABSOLUTE, 0); - } - if (dfd_path < 0) - return syserror("Failed to open \"%s\"", rootfs->path); + if (userns) + return log_trace(0, "Not pinning because container runs in user namespace"); - if (!rootfs->path) { - TRACE("Not pinning because container does not have a rootfs"); - goto out; - } + if (rootfs->bdev_type) { + if (strequal(rootfs->bdev_type, "overlay") || + strequal(rootfs->bdev_type, "overlayfs")) + return log_trace_errno(0, EINVAL, "Not pinning on stacking filesystem"); - if (userns) { - TRACE("Not pinning because container runs in user namespace"); - goto out; + if (strequal(rootfs->bdev_type, "zfs")) + return log_trace_errno(0, EINVAL, "Not pinning on ZFS filesystem"); } + dfd_path = open_at(-EBADF, rootfs->path, PROTECT_OPATH_FILE, 0, 0); + if (dfd_path < 0) + return syserror("Failed to open \"%s\"", rootfs->path); + ret = fstat(dfd_path, &st); if (ret < 0) return log_trace_errno(-errno, errno, "Failed to retrieve file status"); @@ -735,6 +729,8 @@ static int lxc_mount_auto_mounts(struct lxc_handler *handler, int flags) ret = mkdirat(rootfs->dfd_mnt, "proc" , S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH); if (ret < 0 && errno != EEXIST) return syserror("Failed to create procfs mountpoint under %d", rootfs->dfd_mnt); + + TRACE("Created procfs mountpoint under %d", rootfs->dfd_mnt); } if (flags & LXC_AUTO_SYS_MASK) { @@ -756,6 +752,8 @@ static int lxc_mount_auto_mounts(struct lxc_handler *handler, int flags) ret = mkdirat(rootfs->dfd_mnt, "sys" , S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH); if (ret < 0 && errno != EEXIST) return syserror("Failed to create sysfs mountpoint under %d", rootfs->dfd_mnt); + + TRACE("Created sysfs mountpoint under %d", rootfs->dfd_mnt); } has_cap_net_admin = lxc_wants_cap(CAP_NET_ADMIN, conf); @@ -1239,7 +1237,6 @@ static int mount_autodev(const char *name, const struct lxc_rootfs *rootfs, goto reset_umask; } - /* If we are running on a devtmpfs mapping, dev/pts may already exist. * If not, then create it and exit if that fails... */ @@ -1393,7 +1390,7 @@ static int lxc_mount_rootfs(struct lxc_rootfs *rootfs) if (rootfs->dfd_mnt < 0) return -errno; - return 0; + return log_trace(0, "Container doesn't use separate rootfs. Opened host's rootfs"); } ret = access(rootfs->mount, F_OK); @@ -1415,7 +1412,7 @@ static int lxc_mount_rootfs(struct lxc_rootfs *rootfs) if (rootfs->dfd_mnt < 0) return -errno; - return 0; + return log_trace(0, "Container uses separate rootfs. Opened container's rootfs"); } static int lxc_chroot(const struct lxc_rootfs *rootfs)