isolate the shmfs for the container

The /dev/shm is not isolated for application container, so mount it in
the container.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

diff --git a/src/lxc/lxc_init.c b/src/lxc/lxc_init.c
index b0d8fa721fd092dd3a28b152a9079c4a0e21066f..0a403c409991ee0a8ff590037422582c6dc2756c 100644 (file)
--- a/src/lxc/lxc_init.c
+++ b/src/lxc/lxc_init.c
@@ -48,6 +48,30 @@ static struct option options[] = {
        { 0, 0, 0, 0 },
 };
 
+static int mount_fs(const char *source, const char *target, const char *type)
+{
+       /* sometimes the umount fails */
+       if (umount(target))
+               WARN("failed to unmount %s : %s", target, strerror(errno));
+
+       if (mount(source, target, type, 0, NULL)) {
+               ERROR("failed to mount %s : %s", target, strerror(errno));
+               return -1;
+       }
+
+       return 0;
+}
+
+static inline int setup_fs(void)
+{
+       if (mount_fs("proc", "/proc", "proc"))
+               return -1;
+       if (mount_fs("shmfs", "/dev/shm", "tmpfs"))
+               return -1;
+
+       return 0;
+}
+
 int main(int argc, char *argv[])
 {
        pid_t pid;
@@ -87,10 +111,8 @@ int main(int argc, char *argv[])
 
        if (!pid) {
                
-               if (mount("proc", "/proc", "proc", 0, NULL)) {
-                       ERROR("failed to mount '/proc' : %s", strerror(errno));
+               if (setup_fs())
                        exit(err);
-               }
 
                execvp(aargv[0], aargv);
                ERROR("failed to exec: '%s' : %s", aargv[0], strerror(errno));