diff options
author | Bogdan Purcareata <bogdan.purcareata@freescale.com> | 2013-10-08 17:17:20 +0300 |
---|---|---|
committer | Bruce Ashfield <bruce.ashfield@windriver.com> | 2013-10-10 23:25:16 -0400 |
commit | c5568d38acc8b2a7e3ff6e6e3d57740f9221fdde (patch) | |
tree | 7f970193e24eb8b6f929c6c90db9fdecf1922844 | |
parent | 4b1938df7242af4599fb6bd1c7e3901df16c86e8 (diff) | |
download | meta-virtualization-c5568d38acc8b2a7e3ff6e6e3d57740f9221fdde.tar.gz |
libvirt: Try to fix selinux/securityfs mount handling in LXC
The current behavior for libvirt containers is to
configure a set of "basic" mounts in the new container
environment by default. Some of these mounts, such as
securityfs or selinux, might not have kernel support on
all running platforms. The added patchset implements
proper handling for this case and makes some additional
cleanups and refactoring.
The patchset is taken from the upstream libvirt mailing
list. Please refer to:
https://www.redhat.com/archives/libvir-list/2013-October/msg00270.html
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
7 files changed, 622 insertions, 0 deletions
diff --git a/recipes-extended/libvirt/libvirt/0001-Add-virFileIsMountPoint-function.patch b/recipes-extended/libvirt/libvirt/0001-Add-virFileIsMountPoint-function.patch new file mode 100644 index 00000000..0affcbef --- /dev/null +++ b/recipes-extended/libvirt/libvirt/0001-Add-virFileIsMountPoint-function.patch | |||
@@ -0,0 +1,135 @@ | |||
1 | From: "Daniel P. Berrange" <berrange@redhat.com> | ||
2 | To: libvir-list@redhat.com | ||
3 | Date: Mon, 7 Oct 2013 14:06:46 +0100 | ||
4 | Message-Id: <1381151211-27111-2-git-send-email-berrange@redhat.com> | ||
5 | In-Reply-To: <1381151211-27111-1-git-send-email-berrange@redhat.com> | ||
6 | References: <1381151211-27111-1-git-send-email-berrange@redhat.com> | ||
7 | X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25 | ||
8 | X-loop: libvir-list@redhat.com | ||
9 | Subject: [libvirt] [PATCH 1/6] Add virFileIsMountPoint function | ||
10 | X-BeenThere: libvir-list@redhat.com | ||
11 | X-Mailman-Version: 2.1.12 | ||
12 | Precedence: junk | ||
13 | List-Id: Development discussions about the libvirt library & tools | ||
14 | <libvir-list.redhat.com> | ||
15 | List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>, | ||
16 | <mailto:libvir-list-request@redhat.com?subject=unsubscribe> | ||
17 | List-Archive: <https://www.redhat.com/archives/libvir-list> | ||
18 | List-Post: <mailto:libvir-list@redhat.com> | ||
19 | List-Help: <mailto:libvir-list-request@redhat.com?subject=help> | ||
20 | List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>, | ||
21 | <mailto:libvir-list-request@redhat.com?subject=subscribe> | ||
22 | X-List-Received-Date: Mon, 07 Oct 2013 13:06:56 -0000 | ||
23 | |||
24 | From: "Daniel P. Berrange" <berrange@redhat.com> | ||
25 | |||
26 | Add a function for efficiently checking if a path is a filesystem | ||
27 | mount point. | ||
28 | |||
29 | NB will not work for bind mounts, only true filesystem mounts. | ||
30 | |||
31 | Signed-off-by: Daniel P. Berrange <berrange@redhat.com> | ||
32 | --- | ||
33 | src/libvirt_private.syms | 1 + | ||
34 | src/util/virfile.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++ | ||
35 | src/util/virfile.h | 2 ++ | ||
36 | 3 files changed, 61 insertions(+) | ||
37 | |||
38 | diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms | ||
39 | index fe40834..31fa604 100644 | ||
40 | --- a/src/libvirt_private.syms | ||
41 | +++ b/src/libvirt_private.syms | ||
42 | @@ -1182,6 +1182,7 @@ virFileIsAbsPath; | ||
43 | virFileIsDir; | ||
44 | virFileIsExecutable; | ||
45 | virFileIsLink; | ||
46 | +virFileIsMountPoint; | ||
47 | virFileLinkPointsTo; | ||
48 | virFileLock; | ||
49 | virFileLoopDeviceAssociate; | ||
50 | diff --git a/src/util/virfile.c b/src/util/virfile.c | ||
51 | index e10de5a..fa21aeb 100644 | ||
52 | --- a/src/util/virfile.c | ||
53 | +++ b/src/util/virfile.c | ||
54 | @@ -1513,6 +1513,64 @@ virFileIsExecutable(const char *file) | ||
55 | return false; | ||
56 | } | ||
57 | |||
58 | + | ||
59 | +/* | ||
60 | + * Check that a file refers to a mount point. Trick is that for | ||
61 | + * a mount point, the st_dev field will differ from the parent | ||
62 | + * directory. | ||
63 | + * | ||
64 | + * Note that this will not detect bind mounts of dirs/files, | ||
65 | + * only true filesystem mounts. | ||
66 | + */ | ||
67 | +int virFileIsMountPoint(const char *file) | ||
68 | +{ | ||
69 | + char *parent = NULL; | ||
70 | + char *tmp; | ||
71 | + int ret = -1; | ||
72 | + struct stat sb1, sb2; | ||
73 | + | ||
74 | + if (VIR_STRDUP_QUIET(parent, file) < 0) | ||
75 | + goto cleanup; | ||
76 | + | ||
77 | + if (!(tmp = strrchr(parent, '/'))) { | ||
78 | + virReportError(VIR_ERR_INTERNAL_ERROR, | ||
79 | + _("Could not find '/' in '%s'"), | ||
80 | + file); | ||
81 | + goto cleanup; | ||
82 | + } | ||
83 | + | ||
84 | + *tmp = '\0'; | ||
85 | + | ||
86 | + VIR_DEBUG("Comparing '%s' to '%s'", file, parent); | ||
87 | + | ||
88 | + if (stat(file, &sb1) < 0) { | ||
89 | + if (errno == ENOENT) | ||
90 | + ret = 0; | ||
91 | + else | ||
92 | + virReportSystemError(errno, | ||
93 | + _("Cannot stat '%s'"), | ||
94 | + file); | ||
95 | + goto cleanup; | ||
96 | + } | ||
97 | + | ||
98 | + if (stat(parent, &sb2) < 0) { | ||
99 | + virReportSystemError(errno, | ||
100 | + _("Cannot stat '%s'"), | ||
101 | + parent); | ||
102 | + goto cleanup; | ||
103 | + } | ||
104 | + | ||
105 | + if (!S_ISDIR(sb1.st_mode)) | ||
106 | + return false; | ||
107 | + | ||
108 | + ret = sb1.st_dev != sb2.st_dev; | ||
109 | + VIR_DEBUG("Is mount %d", ret); | ||
110 | + | ||
111 | + cleanup: | ||
112 | + VIR_FREE(parent); | ||
113 | + return ret; | ||
114 | +} | ||
115 | + | ||
116 | #ifndef WIN32 | ||
117 | /* Check that a file is accessible under certain | ||
118 | * user & gid. | ||
119 | diff --git a/src/util/virfile.h b/src/util/virfile.h | ||
120 | index 72d35ce..ff84719 100644 | ||
121 | --- a/src/util/virfile.h | ||
122 | +++ b/src/util/virfile.h | ||
123 | @@ -156,6 +156,8 @@ bool virFileIsDir (const char *file) ATTRIBUTE_NONNULL(1); | ||
124 | bool virFileExists(const char *file) ATTRIBUTE_NONNULL(1); | ||
125 | bool virFileIsExecutable(const char *file) ATTRIBUTE_NONNULL(1); | ||
126 | |||
127 | +int virFileIsMountPoint(const char *file) ATTRIBUTE_NONNULL(1); | ||
128 | + | ||
129 | char *virFileSanitizePath(const char *path); | ||
130 | |||
131 | enum { | ||
132 | -- | ||
133 | 1.8.3.1 | ||
134 | |||
135 | |||
diff --git a/recipes-extended/libvirt/libvirt/0002-Remove-unused-opts-field-from-LXC-basic.patch b/recipes-extended/libvirt/libvirt/0002-Remove-unused-opts-field-from-LXC-basic.patch new file mode 100644 index 00000000..2a3d3ef4 --- /dev/null +++ b/recipes-extended/libvirt/libvirt/0002-Remove-unused-opts-field-from-LXC-basic.patch | |||
@@ -0,0 +1,97 @@ | |||
1 | From: "Daniel P. Berrange" <berrange@redhat.com> | ||
2 | To: libvir-list@redhat.com | ||
3 | Date: Mon, 7 Oct 2013 14:06:47 +0100 | ||
4 | Message-Id: <1381151211-27111-3-git-send-email-berrange@redhat.com> | ||
5 | In-Reply-To: <1381151211-27111-1-git-send-email-berrange@redhat.com> | ||
6 | References: <1381151211-27111-1-git-send-email-berrange@redhat.com> | ||
7 | X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25 | ||
8 | X-loop: libvir-list@redhat.com | ||
9 | Subject: [libvirt] [PATCH 2/6] Remove unused 'opts' field from LXC basic | ||
10 | mounts struct | ||
11 | X-BeenThere: libvir-list@redhat.com | ||
12 | X-Mailman-Version: 2.1.12 | ||
13 | Precedence: junk | ||
14 | List-Id: Development discussions about the libvirt library & tools | ||
15 | <libvir-list.redhat.com> | ||
16 | List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>, | ||
17 | <mailto:libvir-list-request@redhat.com?subject=unsubscribe> | ||
18 | List-Archive: <https://www.redhat.com/archives/libvir-list> | ||
19 | List-Post: <mailto:libvir-list@redhat.com> | ||
20 | List-Help: <mailto:libvir-list-request@redhat.com?subject=help> | ||
21 | List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>, | ||
22 | <mailto:libvir-list-request@redhat.com?subject=subscribe> | ||
23 | X-List-Received-Date: Mon, 07 Oct 2013 13:06:57 -0000 | ||
24 | |||
25 | From: "Daniel P. Berrange" <berrange@redhat.com> | ||
26 | |||
27 | The virLXCBasicMountInfo struct contains a 'char *opts' | ||
28 | field passed onto the mount() syscall. Every entry in the | ||
29 | list sets this to NULL though, so it can be removed to | ||
30 | simplify life. | ||
31 | |||
32 | Signed-off-by: Daniel P. Berrange <berrange@redhat.com> | ||
33 | --- | ||
34 | src/lxc/lxc_container.c | 29 ++++++++++++++--------------- | ||
35 | 1 file changed, 14 insertions(+), 15 deletions(-) | ||
36 | |||
37 | diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c | ||
38 | index b1f429c..3c89ed7 100644 | ||
39 | --- a/src/lxc/lxc_container.c | ||
40 | +++ b/src/lxc/lxc_container.c | ||
41 | @@ -752,7 +752,6 @@ typedef struct { | ||
42 | const char *src; | ||
43 | const char *dst; | ||
44 | const char *type; | ||
45 | - const char *opts; | ||
46 | int mflags; | ||
47 | } virLXCBasicMountInfo; | ||
48 | |||
49 | @@ -763,16 +762,16 @@ static const virLXCBasicMountInfo lxcBasicMounts[] = { | ||
50 | * mount point in the main OS becomes readonly too which is not what | ||
51 | * we want. Hence some things have two entries here. | ||
52 | */ | ||
53 | - { "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
54 | - { "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND }, | ||
55 | - { "/proc/sys", "/proc/sys", NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
56 | - { "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
57 | - { "sysfs", "/sys", "sysfs", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
58 | - { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
59 | - { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
60 | + { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
61 | + { "/proc/sys", "/proc/sys", NULL, MS_BIND }, | ||
62 | + { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
63 | + { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
64 | + { "sysfs", "/sys", "sysfs", MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
65 | + { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
66 | + { "securityfs", "/sys/kernel/security", "securityfs", MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
67 | #if WITH_SELINUX | ||
68 | - { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
69 | - { SELINUX_MOUNT, SELINUX_MOUNT, NULL, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
70 | + { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
71 | + { SELINUX_MOUNT, SELINUX_MOUNT, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
72 | #endif | ||
73 | }; | ||
74 | |||
75 | @@ -882,13 +881,13 @@ static int lxcContainerMountBasicFS(bool userns_enabled) | ||
76 | goto cleanup; | ||
77 | } | ||
78 | |||
79 | - VIR_DEBUG("Mount %s on %s type=%s flags=%x, opts=%s", | ||
80 | - srcpath, mnt->dst, mnt->type, mnt->mflags, mnt->opts); | ||
81 | - if (mount(srcpath, mnt->dst, mnt->type, mnt->mflags, mnt->opts) < 0) { | ||
82 | + VIR_DEBUG("Mount %s on %s type=%s flags=%x", | ||
83 | + srcpath, mnt->dst, mnt->type, mnt->mflags); | ||
84 | + if (mount(srcpath, mnt->dst, mnt->type, mnt->mflags, NULL) < 0) { | ||
85 | virReportSystemError(errno, | ||
86 | - _("Failed to mount %s on %s type %s flags=%x opts=%s"), | ||
87 | + _("Failed to mount %s on %s type %s flags=%x"), | ||
88 | srcpath, mnt->dst, NULLSTR(mnt->type), | ||
89 | - mnt->mflags, NULLSTR(mnt->opts)); | ||
90 | + mnt->mflags); | ||
91 | goto cleanup; | ||
92 | } | ||
93 | } | ||
94 | -- | ||
95 | 1.8.3.1 | ||
96 | |||
97 | |||
diff --git a/recipes-extended/libvirt/libvirt/0003-Remove-pointless-srcpath-variable-in-lxcContainerMountBasicFS.patch b/recipes-extended/libvirt/libvirt/0003-Remove-pointless-srcpath-variable-in-lxcContainerMountBasicFS.patch new file mode 100644 index 00000000..5135fb01 --- /dev/null +++ b/recipes-extended/libvirt/libvirt/0003-Remove-pointless-srcpath-variable-in-lxcContainerMountBasicFS.patch | |||
@@ -0,0 +1,78 @@ | |||
1 | From: "Daniel P. Berrange" <berrange@redhat.com> | ||
2 | To: libvir-list@redhat.com | ||
3 | Date: Mon, 7 Oct 2013 14:06:48 +0100 | ||
4 | Message-Id: <1381151211-27111-4-git-send-email-berrange@redhat.com> | ||
5 | In-Reply-To: <1381151211-27111-1-git-send-email-berrange@redhat.com> | ||
6 | References: <1381151211-27111-1-git-send-email-berrange@redhat.com> | ||
7 | X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25 | ||
8 | X-loop: libvir-list@redhat.com | ||
9 | Subject: [libvirt] [PATCH 3/6] Remove pointless 'srcpath' variable in | ||
10 | lxcContainerMountBasicFS | ||
11 | X-BeenThere: libvir-list@redhat.com | ||
12 | X-Mailman-Version: 2.1.12 | ||
13 | Precedence: junk | ||
14 | List-Id: Development discussions about the libvirt library & tools | ||
15 | <libvir-list.redhat.com> | ||
16 | List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>, | ||
17 | <mailto:libvir-list-request@redhat.com?subject=unsubscribe> | ||
18 | List-Archive: <https://www.redhat.com/archives/libvir-list> | ||
19 | List-Post: <mailto:libvir-list@redhat.com> | ||
20 | List-Help: <mailto:libvir-list-request@redhat.com?subject=help> | ||
21 | List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>, | ||
22 | <mailto:libvir-list-request@redhat.com?subject=subscribe> | ||
23 | X-List-Received-Date: Mon, 07 Oct 2013 13:06:59 -0000 | ||
24 | |||
25 | From: "Daniel P. Berrange" <berrange@redhat.com> | ||
26 | |||
27 | The 'srcpath' variable is initialized from 'mnt->src' and never | ||
28 | changed thereafter. Some places continue to use 'mnt->src' and | ||
29 | others use 'srcpath'. Remove the pointless 'srcpath' variable | ||
30 | and use 'mnt->src' everywhere. | ||
31 | |||
32 | Signed-off-by: Daniel P. Berrange <berrange@redhat.com> | ||
33 | --- | ||
34 | src/lxc/lxc_container.c | 13 +++++-------- | ||
35 | 1 file changed, 5 insertions(+), 8 deletions(-) | ||
36 | |||
37 | diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c | ||
38 | index 3c89ed7..1b1c93b 100644 | ||
39 | --- a/src/lxc/lxc_container.c | ||
40 | +++ b/src/lxc/lxc_container.c | ||
41 | @@ -853,16 +853,13 @@ static int lxcContainerMountBasicFS(bool userns_enabled) | ||
42 | |||
43 | for (i = 0; i < ARRAY_CARDINALITY(lxcBasicMounts); i++) { | ||
44 | virLXCBasicMountInfo const *mnt = &lxcBasicMounts[i]; | ||
45 | - const char *srcpath = NULL; | ||
46 | |||
47 | VIR_DEBUG("Processing %s -> %s", | ||
48 | mnt->src, mnt->dst); | ||
49 | |||
50 | - srcpath = mnt->src; | ||
51 | - | ||
52 | /* Skip if mount doesn't exist in source */ | ||
53 | - if ((srcpath[0] == '/') && | ||
54 | - (access(srcpath, R_OK) < 0)) | ||
55 | + if ((mnt->src[0] == '/') && | ||
56 | + (access(mnt->src, R_OK) < 0)) | ||
57 | continue; | ||
58 | |||
59 | #if WITH_SELINUX | ||
60 | @@ -882,11 +879,11 @@ static int lxcContainerMountBasicFS(bool userns_enabled) | ||
61 | } | ||
62 | |||
63 | VIR_DEBUG("Mount %s on %s type=%s flags=%x", | ||
64 | - srcpath, mnt->dst, mnt->type, mnt->mflags); | ||
65 | - if (mount(srcpath, mnt->dst, mnt->type, mnt->mflags, NULL) < 0) { | ||
66 | + mnt->src, mnt->dst, mnt->type, mnt->mflags); | ||
67 | + if (mount(mnt->src, mnt->dst, mnt->type, mnt->mflags, NULL) < 0) { | ||
68 | virReportSystemError(errno, | ||
69 | _("Failed to mount %s on %s type %s flags=%x"), | ||
70 | - srcpath, mnt->dst, NULLSTR(mnt->type), | ||
71 | + mnt->src, mnt->dst, NULLSTR(mnt->type), | ||
72 | mnt->mflags); | ||
73 | goto cleanup; | ||
74 | } | ||
75 | -- | ||
76 | 1.8.3.1 | ||
77 | |||
78 | |||
diff --git a/recipes-extended/libvirt/libvirt/0004-Remove-duplicate-entries-in-lxcBasicMounts-array.patch b/recipes-extended/libvirt/libvirt/0004-Remove-duplicate-entries-in-lxcBasicMounts-array.patch new file mode 100644 index 00000000..c02295e1 --- /dev/null +++ b/recipes-extended/libvirt/libvirt/0004-Remove-duplicate-entries-in-lxcBasicMounts-array.patch | |||
@@ -0,0 +1,117 @@ | |||
1 | From: "Daniel P. Berrange" <berrange@redhat.com> | ||
2 | To: libvir-list@redhat.com | ||
3 | Date: Mon, 7 Oct 2013 14:06:49 +0100 | ||
4 | Message-Id: <1381151211-27111-5-git-send-email-berrange@redhat.com> | ||
5 | In-Reply-To: <1381151211-27111-1-git-send-email-berrange@redhat.com> | ||
6 | References: <1381151211-27111-1-git-send-email-berrange@redhat.com> | ||
7 | X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25 | ||
8 | X-loop: libvir-list@redhat.com | ||
9 | Subject: [libvirt] [PATCH 4/6] Remove duplicate entries in lxcBasicMounts | ||
10 | array | ||
11 | X-BeenThere: libvir-list@redhat.com | ||
12 | X-Mailman-Version: 2.1.12 | ||
13 | Precedence: junk | ||
14 | List-Id: Development discussions about the libvirt library & tools | ||
15 | <libvir-list.redhat.com> | ||
16 | List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>, | ||
17 | <mailto:libvir-list-request@redhat.com?subject=unsubscribe> | ||
18 | List-Archive: <https://www.redhat.com/archives/libvir-list> | ||
19 | List-Post: <mailto:libvir-list@redhat.com> | ||
20 | List-Help: <mailto:libvir-list-request@redhat.com?subject=help> | ||
21 | List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>, | ||
22 | <mailto:libvir-list-request@redhat.com?subject=subscribe> | ||
23 | X-List-Received-Date: Mon, 07 Oct 2013 13:07:00 -0000 | ||
24 | |||
25 | From: "Daniel P. Berrange" <berrange@redhat.com> | ||
26 | |||
27 | Currently the lxcBasicMounts array has separate entries for | ||
28 | most mounts, to reflect that we must do a separate mount | ||
29 | operation to make mounts read-only. Remove the duplicate | ||
30 | entries and instead set the MS_RDONLY flag against the main | ||
31 | entry. Then change lxcContainerMountBasicFS to look for the | ||
32 | MS_RDONLY flag, mask it out & do a separate bind mount. | ||
33 | |||
34 | Signed-off-by: Daniel P. Berrange <berrange@redhat.com> | ||
35 | --- | ||
36 | src/lxc/lxc_container.c | 44 +++++++++++++++++++++++++++----------------- | ||
37 | 1 file changed, 27 insertions(+), 17 deletions(-) | ||
38 | |||
39 | diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c | ||
40 | index 1b1c93b..a7f71ef 100644 | ||
41 | --- a/src/lxc/lxc_container.c | ||
42 | +++ b/src/lxc/lxc_container.c | ||
43 | @@ -756,22 +756,12 @@ typedef struct { | ||
44 | } virLXCBasicMountInfo; | ||
45 | |||
46 | static const virLXCBasicMountInfo lxcBasicMounts[] = { | ||
47 | - /* When we want to make a bind mount readonly, for unknown reasons, | ||
48 | - * it is currently necessary to bind it once, and then remount the | ||
49 | - * bind with the readonly flag. If this is not done, then the original | ||
50 | - * mount point in the main OS becomes readonly too which is not what | ||
51 | - * we want. Hence some things have two entries here. | ||
52 | - */ | ||
53 | { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
54 | - { "/proc/sys", "/proc/sys", NULL, MS_BIND }, | ||
55 | - { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
56 | - { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
57 | - { "sysfs", "/sys", "sysfs", MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
58 | - { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
59 | - { "securityfs", "/sys/kernel/security", "securityfs", MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
60 | + { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY }, | ||
61 | + { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY }, | ||
62 | + { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY }, | ||
63 | #if WITH_SELINUX | ||
64 | - { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
65 | - { SELINUX_MOUNT, SELINUX_MOUNT, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY }, | ||
66 | + { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY }, | ||
67 | #endif | ||
68 | }; | ||
69 | |||
70 | @@ -852,6 +842,7 @@ static int lxcContainerMountBasicFS(bool userns_enabled) | ||
71 | VIR_DEBUG("Mounting basic filesystems"); | ||
72 | |||
73 | for (i = 0; i < ARRAY_CARDINALITY(lxcBasicMounts); i++) { | ||
74 | + bool bindOverReadonly; | ||
75 | virLXCBasicMountInfo const *mnt = &lxcBasicMounts[i]; | ||
76 | |||
77 | VIR_DEBUG("Processing %s -> %s", | ||
78 | @@ -878,13 +869,32 @@ static int lxcContainerMountBasicFS(bool userns_enabled) | ||
79 | goto cleanup; | ||
80 | } | ||
81 | |||
82 | + /* | ||
83 | + * We can't immediately set the MS_RDONLY flag when mounting filesystems | ||
84 | + * because (in at least some kernel versions) this will propagate back | ||
85 | + * to the original mount in the host OS, turning it readonly too. This | ||
86 | + * We mount the filesystem in read-write mode initially, and then do a | ||
87 | + * separate read-only bind mount on top of that. | ||
88 | + */ | ||
89 | + bindOverReadonly = !!(mnt->mflags & MS_RDONLY); | ||
90 | + | ||
91 | VIR_DEBUG("Mount %s on %s type=%s flags=%x", | ||
92 | - mnt->src, mnt->dst, mnt->type, mnt->mflags); | ||
93 | - if (mount(mnt->src, mnt->dst, mnt->type, mnt->mflags, NULL) < 0) { | ||
94 | + mnt->src, mnt->dst, mnt->type, mnt->mflags & ~MS_RDONLY); | ||
95 | + if (mount(mnt->src, mnt->dst, mnt->type, mnt->mflags & ~MS_RDONLY, NULL) < 0) { | ||
96 | virReportSystemError(errno, | ||
97 | _("Failed to mount %s on %s type %s flags=%x"), | ||
98 | mnt->src, mnt->dst, NULLSTR(mnt->type), | ||
99 | - mnt->mflags); | ||
100 | + mnt->mflags & ~MS_RDONLY); | ||
101 | + goto cleanup; | ||
102 | + } | ||
103 | + | ||
104 | + if (bindOverReadonly && | ||
105 | + mount(mnt->src, mnt->dst, NULL, | ||
106 | + MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) { | ||
107 | + virReportSystemError(errno, | ||
108 | + _("Failed to re-mount %s on %s flags=%x"), | ||
109 | + mnt->src, mnt->dst, | ||
110 | + MS_BIND|MS_REMOUNT|MS_RDONLY); | ||
111 | goto cleanup; | ||
112 | } | ||
113 | } | ||
114 | -- | ||
115 | 1.8.3.1 | ||
116 | |||
117 | |||
diff --git a/recipes-extended/libvirt/libvirt/0005-Add-flag-to-lxcBasicMounts-to-control-use-in-user-namespaces.patch b/recipes-extended/libvirt/libvirt/0005-Add-flag-to-lxcBasicMounts-to-control-use-in-user-namespaces.patch new file mode 100644 index 00000000..c9e0afc7 --- /dev/null +++ b/recipes-extended/libvirt/libvirt/0005-Add-flag-to-lxcBasicMounts-to-control-use-in-user-namespaces.patch | |||
@@ -0,0 +1,83 @@ | |||
1 | From: "Daniel P. Berrange" <berrange@redhat.com> | ||
2 | To: libvir-list@redhat.com | ||
3 | Date: Mon, 7 Oct 2013 14:06:50 +0100 | ||
4 | Message-Id: <1381151211-27111-6-git-send-email-berrange@redhat.com> | ||
5 | In-Reply-To: <1381151211-27111-1-git-send-email-berrange@redhat.com> | ||
6 | References: <1381151211-27111-1-git-send-email-berrange@redhat.com> | ||
7 | X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25 | ||
8 | X-loop: libvir-list@redhat.com | ||
9 | Subject: [libvirt] [PATCH 5/6] Add flag to lxcBasicMounts to control use in | ||
10 | user namespaces | ||
11 | X-BeenThere: libvir-list@redhat.com | ||
12 | X-Mailman-Version: 2.1.12 | ||
13 | Precedence: junk | ||
14 | List-Id: Development discussions about the libvirt library & tools | ||
15 | <libvir-list.redhat.com> | ||
16 | List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>, | ||
17 | <mailto:libvir-list-request@redhat.com?subject=unsubscribe> | ||
18 | List-Archive: <https://www.redhat.com/archives/libvir-list> | ||
19 | List-Post: <mailto:libvir-list@redhat.com> | ||
20 | List-Help: <mailto:libvir-list-request@redhat.com?subject=help> | ||
21 | List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>, | ||
22 | <mailto:libvir-list-request@redhat.com?subject=subscribe> | ||
23 | X-List-Received-Date: Mon, 07 Oct 2013 13:07:02 -0000 | ||
24 | |||
25 | From: "Daniel P. Berrange" <berrange@redhat.com> | ||
26 | |||
27 | Some mounts must be skipped if running inside a user namespace, | ||
28 | since the kernel forbids their use. Instead of strcmp'ing the | ||
29 | filesystem type in the body of the loop, set an explicit flag | ||
30 | in the lxcBasicMounts table. | ||
31 | |||
32 | Signed-off-by: Daniel P. Berrange <berrange@redhat.com> | ||
33 | --- | ||
34 | src/lxc/lxc_container.c | 17 ++++++++++------- | ||
35 | 1 file changed, 10 insertions(+), 7 deletions(-) | ||
36 | |||
37 | diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c | ||
38 | index a7f71ef..05190bf 100644 | ||
39 | --- a/src/lxc/lxc_container.c | ||
40 | +++ b/src/lxc/lxc_container.c | ||
41 | @@ -753,15 +753,16 @@ typedef struct { | ||
42 | const char *dst; | ||
43 | const char *type; | ||
44 | int mflags; | ||
45 | + bool skipUserNS; | ||
46 | } virLXCBasicMountInfo; | ||
47 | |||
48 | static const virLXCBasicMountInfo lxcBasicMounts[] = { | ||
49 | - { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV }, | ||
50 | - { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY }, | ||
51 | - { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY }, | ||
52 | - { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY }, | ||
53 | + { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false }, | ||
54 | + { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false }, | ||
55 | + { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false }, | ||
56 | + { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true }, | ||
57 | #if WITH_SELINUX | ||
58 | - { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY }, | ||
59 | + { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true }, | ||
60 | #endif | ||
61 | }; | ||
62 | |||
63 | @@ -855,12 +856,14 @@ static int lxcContainerMountBasicFS(bool userns_enabled) | ||
64 | |||
65 | #if WITH_SELINUX | ||
66 | if (STREQ(mnt->src, SELINUX_MOUNT) && | ||
67 | - (!is_selinux_enabled() || userns_enabled)) | ||
68 | + !is_selinux_enabled()) | ||
69 | continue; | ||
70 | #endif | ||
71 | |||
72 | - if (STREQ(mnt->src, "securityfs") && userns_enabled) | ||
73 | + if (mnt->skipUserNS && userns_enabled) { | ||
74 | + VIR_DEBUG("Skipping due to user ns enablement"); | ||
75 | continue; | ||
76 | + } | ||
77 | |||
78 | if (virFileMakePath(mnt->dst) < 0) { | ||
79 | virReportSystemError(errno, | ||
80 | -- | ||
81 | 1.8.3.1 | ||
82 | |||
83 | |||
diff --git a/recipes-extended/libvirt/libvirt/0006-Skip-any-files-which-are-not-mounted-on-the-host.patch b/recipes-extended/libvirt/libvirt/0006-Skip-any-files-which-are-not-mounted-on-the-host.patch new file mode 100644 index 00000000..a0ac4146 --- /dev/null +++ b/recipes-extended/libvirt/libvirt/0006-Skip-any-files-which-are-not-mounted-on-the-host.patch | |||
@@ -0,0 +1,106 @@ | |||
1 | From: "Daniel P. Berrange" <berrange@redhat.com> | ||
2 | To: libvir-list@redhat.com | ||
3 | Date: Mon, 7 Oct 2013 14:06:51 +0100 | ||
4 | Message-Id: <1381151211-27111-7-git-send-email-berrange@redhat.com> | ||
5 | In-Reply-To: <1381151211-27111-1-git-send-email-berrange@redhat.com> | ||
6 | References: <1381151211-27111-1-git-send-email-berrange@redhat.com> | ||
7 | X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25 | ||
8 | X-loop: libvir-list@redhat.com | ||
9 | Subject: [libvirt] [PATCH 6/6] Skip any files which are not mounted on the | ||
10 | host | ||
11 | X-BeenThere: libvir-list@redhat.com | ||
12 | X-Mailman-Version: 2.1.12 | ||
13 | Precedence: junk | ||
14 | List-Id: Development discussions about the libvirt library & tools | ||
15 | <libvir-list.redhat.com> | ||
16 | List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>, | ||
17 | <mailto:libvir-list-request@redhat.com?subject=unsubscribe> | ||
18 | List-Archive: <https://www.redhat.com/archives/libvir-list> | ||
19 | List-Post: <mailto:libvir-list@redhat.com> | ||
20 | List-Help: <mailto:libvir-list-request@redhat.com?subject=help> | ||
21 | List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>, | ||
22 | <mailto:libvir-list-request@redhat.com?subject=subscribe> | ||
23 | X-List-Received-Date: Mon, 07 Oct 2013 13:07:03 -0000 | ||
24 | |||
25 | From: "Daniel P. Berrange" <berrange@redhat.com> | ||
26 | |||
27 | Currently the LXC container tries to skip selinux/securityfs | ||
28 | mounts if the directory does not exist in the filesystem, | ||
29 | or if SELinux is disabled. | ||
30 | |||
31 | The former check is flawed because the /sys/fs/selinux | ||
32 | or /sys/kernel/securityfs directories may exist in sysfs | ||
33 | even if the mount type is disabled. Instead of just doing | ||
34 | an access() check, use an virFileIsMounted() to see if | ||
35 | the FS is actually present in the host OS. This also | ||
36 | avoids the need to check is_selinux_enabled(). | ||
37 | |||
38 | Signed-off-by: Daniel P. Berrange <berrange@redhat.com> | ||
39 | --- | ||
40 | src/lxc/lxc_container.c | 37 +++++++++++++++++++++++-------------- | ||
41 | 1 file changed, 23 insertions(+), 14 deletions(-) | ||
42 | |||
43 | diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c | ||
44 | index 05190bf..4ec7b67 100644 | ||
45 | --- a/src/lxc/lxc_container.c | ||
46 | +++ b/src/lxc/lxc_container.c | ||
47 | @@ -754,15 +754,16 @@ typedef struct { | ||
48 | const char *type; | ||
49 | int mflags; | ||
50 | bool skipUserNS; | ||
51 | + bool skipUnmounted; | ||
52 | } virLXCBasicMountInfo; | ||
53 | |||
54 | static const virLXCBasicMountInfo lxcBasicMounts[] = { | ||
55 | - { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false }, | ||
56 | - { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false }, | ||
57 | - { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false }, | ||
58 | - { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true }, | ||
59 | + { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false }, | ||
60 | + { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false, false }, | ||
61 | + { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false }, | ||
62 | + { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true }, | ||
63 | #if WITH_SELINUX | ||
64 | - { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true }, | ||
65 | + { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true }, | ||
66 | #endif | ||
67 | }; | ||
68 | |||
69 | @@ -849,16 +850,24 @@ static int lxcContainerMountBasicFS(bool userns_enabled) | ||
70 | VIR_DEBUG("Processing %s -> %s", | ||
71 | mnt->src, mnt->dst); | ||
72 | |||
73 | - /* Skip if mount doesn't exist in source */ | ||
74 | - if ((mnt->src[0] == '/') && | ||
75 | - (access(mnt->src, R_OK) < 0)) | ||
76 | - continue; | ||
77 | + if (mnt->skipUnmounted) { | ||
78 | + char *hostdir; | ||
79 | + int ret; | ||
80 | |||
81 | -#if WITH_SELINUX | ||
82 | - if (STREQ(mnt->src, SELINUX_MOUNT) && | ||
83 | - !is_selinux_enabled()) | ||
84 | - continue; | ||
85 | -#endif | ||
86 | + if (virAsprintf(&hostdir, "/.oldroot%s", mnt->dst) < 0) | ||
87 | + goto cleanup; | ||
88 | + | ||
89 | + ret = virFileIsMountPoint(hostdir); | ||
90 | + VIR_FREE(hostdir); | ||
91 | + if (ret < 0) | ||
92 | + goto cleanup; | ||
93 | + | ||
94 | + if (ret == 0) { | ||
95 | + VIR_DEBUG("Skipping '%s' which isn't mounted in host", | ||
96 | + mnt->dst); | ||
97 | + continue; | ||
98 | + } | ||
99 | + } | ||
100 | |||
101 | if (mnt->skipUserNS && userns_enabled) { | ||
102 | VIR_DEBUG("Skipping due to user ns enablement"); | ||
103 | -- | ||
104 | 1.8.3.1 | ||
105 | |||
106 | |||
diff --git a/recipes-extended/libvirt/libvirt_1.1.2.bb b/recipes-extended/libvirt/libvirt_1.1.2.bb index a12147a6..819072dc 100644 --- a/recipes-extended/libvirt/libvirt_1.1.2.bb +++ b/recipes-extended/libvirt/libvirt_1.1.2.bb | |||
@@ -27,6 +27,12 @@ SRC_URI = "http://libvirt.org/sources/libvirt-${PV}.tar.gz \ | |||
27 | file://LXC-Don-t-mount-securityfs-when-user-namespace-enabl.patch \ | 27 | file://LXC-Don-t-mount-securityfs-when-user-namespace-enabl.patch \ |
28 | file://Move-array-of-mounts-out-of-lxcContainerMountBasicFS.patch \ | 28 | file://Move-array-of-mounts-out-of-lxcContainerMountBasicFS.patch \ |
29 | file://LXC-don-t-try-to-mount-selinux-filesystem-when-user-.patch \ | 29 | file://LXC-don-t-try-to-mount-selinux-filesystem-when-user-.patch \ |
30 | file://0001-Add-virFileIsMountPoint-function.patch \ | ||
31 | file://0002-Remove-unused-opts-field-from-LXC-basic.patch \ | ||
32 | file://0003-Remove-pointless-srcpath-variable-in-lxcContainerMountBasicFS.patch \ | ||
33 | file://0004-Remove-duplicate-entries-in-lxcBasicMounts-array.patch \ | ||
34 | file://0005-Add-flag-to-lxcBasicMounts-to-control-use-in-user-namespaces.patch \ | ||
35 | file://0006-Skip-any-files-which-are-not-mounted-on-the-host.patch \ | ||
30 | file://libvirtd.sh \ | 36 | file://libvirtd.sh \ |
31 | file://libvirtd.conf" | 37 | file://libvirtd.conf" |
32 | 38 | ||