From 5e32a9901dfa74a27aaa21921e7378fd732c0757 Mon Sep 17 00:00:00 2001
From: =?utf8?q?S=2E=C3=87a=C4=9Flar=20Onur?=
Date: Thu, 16 Jan 2014 00:01:28 -0500
Subject: [PATCH] skip rootfs pinning for unprivileged containers
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

This is perfectly safe since you cannot unmount the host fs from a child userns.

Signed-off-by: S.Çağlar Onur
Signed-off-by: Serge Hallyn
---
 src/lxc/start.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/src/lxc/start.c b/src/lxc/start.c
index 441d0f45b..b09bd9b08 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -763,11 +763,14 @@ static int lxc_spawn(struct lxc_handler *handler)
 /*
 * if the rootfs is not a blockdev, prevent the container from
 * marking it readonly.
+ *
+ * if the container is unprivileged then skip rootfs pinning
 */
-
- handler->pinfd = pin_rootfs(handler->conf->rootfs.path);
- if (handler->pinfd == -1)
- INFO("failed to pin the container's rootfs");
+ if (lxc_list_empty(&handler->conf->id_map)) {
+ handler->pinfd = pin_rootfs(handler->conf->rootfs.path);
+ if (handler->pinfd == -1)
+ INFO("failed to pin the container's rootfs");
+ }
 
 if (preserve_ns(saved_ns_fd, preserve_mask) < 0)
 goto out_delete_net;
-- 
2.47.2
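Review bot: On the new skip path `handler->pinfd` is never assigned, so its value depends on initialisation that this hunk does not show. If the handler is zero-filled rather than set to -1, a later cleanup that closes `pinfd` when it is `>= 0` would close descriptor 0 instead of doing nothing. Setting `handler->pinfd = -1;` just before the `if (lxc_list_empty(&handler->conf->id_map))` test would make both paths explicit. The condition also keys on a configured `id_map` rather than on the caller's privilege, so the comment would be more accurate as `* if the container uses an id_map (user namespace) then skip rootfs pinning`. lxc_spawn starts and ends outside the hunk, so the cleanup code is not visible here.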