mir/lxc
2
0
Fork 0
mirror of git://github.com/lxc/lxc synced 2025-08-31 12:09:35 +00:00
Code Issues Releases Wiki Activity

conf: tweak rootfs handling

Browse Source 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This commit is contained in:
Christian Brauner
2021-05-12 09:34:26 +02:00
parent f6c5aab0c0
commit c119f0185b
1 changed files with 20 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
src/lxc/conf.c
View File

@@ -543,31 +543,25 @@ int lxc_rootfs_init(struct lxc_conf *conf, bool userns)
return syserror_set(-EINVAL, "Idmapped rootfs currently only supports the \"dir\" storage driver");
}
if (rootfs->path) {
if (rootfs->bdev_type) {
if (strequal(rootfs->bdev_type, "overlay") || strequal(rootfs->bdev_type, "overlayfs"))
return log_trace_errno(0, EINVAL, "Not pinning on stacking filesystem");
if (strequal(rootfs->bdev_type, "zfs"))
return log_trace_errno(0, EINVAL, "Not pinning on ZFS filesystem");
}
if (!rootfs->path)
return log_trace(0, "Not pinning because container does not have a rootfs");
dfd_path = open_at(-EBADF, rootfs->path, PROTECT_OPATH_FILE, 0, 0);
} else {
dfd_path = open_at(-EBADF, "/", PROTECT_OPATH_FILE, PROTECT_LOOKUP_ABSOLUTE, 0);
if (userns)
return log_trace(0, "Not pinning because container runs in user namespace");
if (rootfs->bdev_type) {
if (strequal(rootfs->bdev_type, "overlay") ||
strequal(rootfs->bdev_type, "overlayfs"))
return log_trace_errno(0, EINVAL, "Not pinning on stacking filesystem");
if (strequal(rootfs->bdev_type, "zfs"))
return log_trace_errno(0, EINVAL, "Not pinning on ZFS filesystem");
}
dfd_path = open_at(-EBADF, rootfs->path, PROTECT_OPATH_FILE, 0, 0);
if (dfd_path < 0)
return syserror("Failed to open \"%s\"", rootfs->path);
if (!rootfs->path) {
TRACE("Not pinning because container does not have a rootfs");
goto out;
}
if (userns) {
TRACE("Not pinning because container runs in user namespace");
goto out;
}
ret = fstat(dfd_path, &st);
if (ret < 0)
return log_trace_errno(-errno, errno, "Failed to retrieve file status");
@@ -735,6 +729,8 @@ static int lxc_mount_auto_mounts(struct lxc_handler *handler, int flags)
ret = mkdirat(rootfs->dfd_mnt, "proc" , S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
if (ret < 0 && errno != EEXIST)
return syserror("Failed to create procfs mountpoint under %d", rootfs->dfd_mnt);
TRACE("Created procfs mountpoint under %d", rootfs->dfd_mnt);
}
if (flags & LXC_AUTO_SYS_MASK) {
@@ -756,6 +752,8 @@ static int lxc_mount_auto_mounts(struct lxc_handler *handler, int flags)
ret = mkdirat(rootfs->dfd_mnt, "sys" , S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
if (ret < 0 && errno != EEXIST)
return syserror("Failed to create sysfs mountpoint under %d", rootfs->dfd_mnt);
TRACE("Created sysfs mountpoint under %d", rootfs->dfd_mnt);
}
has_cap_net_admin = lxc_wants_cap(CAP_NET_ADMIN, conf);
@@ -1239,7 +1237,6 @@ static int mount_autodev(const char *name, const struct lxc_rootfs *rootfs,
goto reset_umask;
}
/* If we are running on a devtmpfs mapping, dev/pts may already exist.
* If not, then create it and exit if that fails...
*/
@@ -1393,7 +1390,7 @@ static int lxc_mount_rootfs(struct lxc_rootfs *rootfs)
if (rootfs->dfd_mnt < 0)
return -errno;
return 0;
return log_trace(0, "Container doesn't use separate rootfs. Opened host's rootfs");
}
ret = access(rootfs->mount, F_OK);
@@ -1415,7 +1412,7 @@ static int lxc_mount_rootfs(struct lxc_rootfs *rootfs)
if (rootfs->dfd_mnt < 0)
return -errno;
return 0;
return log_trace(0, "Container uses separate rootfs. Opened container's rootfs");
}
static int lxc_chroot(const struct lxc_rootfs *rootfs)