Set all mounts to MS_SLAVE when starting a container without a rootfs

If the filesystem mounts on the host have the MS_SHARED or MS_SLAVE flag set, and a container without a rootfs is started, then any new mounts created inside the container are currently propagated into the host. In addition to mounts placed in the configuration file of the container or performed manually after startup, the automatic mounting of /proc by lxc-execute will propagate back into the host, effectively crippling the entire system. This can be prevented by setting the MS_SLAVE flag on all mounts (inside the container's own mount namespace) during startup if a rootfs is not configured. Signed-off-by: David Ward <david.ward@ll.mit.edu> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
2025-08-31 00:09:37 +00:00 · 2013-03-26 21:27:52 -04:00
parent 8a63c0a9d9
commit a0f379bfec
1 changed files with 6 additions and 1 deletions
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1129,8 +1129,13 @@ static int setup_rootfs(struct lxc_conf *conf)
 {
 	const struct lxc_rootfs *rootfs = &conf->rootfs;

-	if (!rootfs->path)
+	if (!rootfs->path) {
+		if (mount("", "/", NULL, MS_SLAVE|MS_REC, 0)) {
+			SYSERROR("Failed to make / rslave");
+			return -1;
+		}
 		return 0;
+	}

 	if (access(rootfs->mount, F_OK)) {
 		SYSERROR("failed to access to '%s', check it is present",