From 75193660db0ec9498512aaa6dcd030fd4348bf0d Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Wed, 10 Oct 2018 13:06:21 +0200 Subject: [PATCH] conf: verify_start_hooks() after lxc.mount.entry Fixes: https://discuss.linuxcontainers.org/t/are-lxc-mount-entry-available-when-lxc-hook-start-is-validated/2906/3 Signed-off-by: Christian Brauner --- src/lxc/conf.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index a45d88291..710625bb0 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -3514,7 +3514,6 @@ static bool verify_start_hooks(struct lxc_conf *conf) lxc_list_for_each (it, &conf->hooks[LXCHOOK_START]) { int ret; - struct stat st; char *hookname = it->elem; ret = snprintf(path, PATH_MAX, "%s%s", @@ -3523,9 +3522,9 @@ static bool verify_start_hooks(struct lxc_conf *conf) if (ret < 0 || ret >= PATH_MAX) return false; - ret = stat(path, &st); + ret = access(path, X_OK); if (ret < 0) { - SYSERROR("Start hook %s not found in container", + SYSERROR("Start hook \"%s\" not found in container", hookname); return false; } @@ -3604,10 +3603,6 @@ int lxc_setup(struct lxc_handler *handler) return -1; } - /* Make sure any start hooks are in the container */ - if (!verify_start_hooks(lxc_conf)) - return -1; - if (lxc_conf->is_execute) { if (execveat_supported()) { int fd; @@ -3675,6 +3670,12 @@ int lxc_setup(struct lxc_handler *handler) } } + /* Make sure any start hooks are in the container */ + if (!verify_start_hooks(lxc_conf)) { + ERROR("Failed to verify start hooks"); + return -1; + } + ret = lxc_setup_console(&lxc_conf->rootfs, &lxc_conf->console, lxc_conf->ttys.dir); if (ret < 0) { -- 2.47.2