Diffstat (limited to 'recipes-extended/libvirt/libvirt/0006-Skip-any-files-which-are-not-mounted-on-the-host.patch')
-rw-r--r-- | recipes-extended/libvirt/libvirt/0006-Skip-any-files-which-are-not-mounted-on-the-host.patch | 106 |
1 files changed, 0 insertions, 106 deletions
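--- a/recipes-extended/libvirt/libvirt/0006-Skip-any-files-which-are-not-mounted-on-the-host.patch
+++ /dev/null
@@ -1,106 +0,0 @@
-From: "Daniel P. Berrange" <berrange@redhat.com>
-To: libvir-list@redhat.com
-Date: Mon, 7 Oct 2013 14:06:51 +0100
-Message-Id: <1381151211-27111-7-git-send-email-berrange@redhat.com>
-In-Reply-To: <1381151211-27111-1-git-send-email-berrange@redhat.com>
-References: <1381151211-27111-1-git-send-email-berrange@redhat.com>
-X-Scanned-By: MIMEDefang 2.68 on 10.5.11.25
-X-loop: libvir-list@redhat.com
-Subject: [libvirt] [PATCH 6/6] Skip any files which are not mounted on the
-host
-X-BeenThere: libvir-list@redhat.com
-X-Mailman-Version: 2.1.12
-Precedence: junk
-List-Id: Development discussions about the libvirt library & tools
-<libvir-list.redhat.com>
-List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
-<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
-List-Archive: <https://www.redhat.com/archives/libvir-list>
-List-Post: <mailto:libvir-list@redhat.com>
-List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
-List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
-<mailto:libvir-list-request@redhat.com?subject=subscribe>
-X-List-Received-Date: Mon, 07 Oct 2013 13:07:03 -0000
-
-From: "Daniel P. Berrange" <berrange@redhat.com>
-
-Currently the LXC container tries to skip selinux/securityfs
-mounts if the directory does not exist in the filesystem,
-or if SELinux is disabled.
-
-The former check is flawed because the /sys/fs/selinux
-or /sys/kernel/securityfs directories may exist in sysfs
-even if the mount type is disabled. Instead of just doing
-an access() check, use an virFileIsMounted() to see if
-the FS is actually present in the host OS. This also
-avoids the need to check is_selinux_enabled().
-
-Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
----
-src/lxc/lxc_container.c | 37 +++++++++++++++++++++++--------------
-1 file changed, 23 insertions(+), 14 deletions(-)
-
-diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
-index 05190bf..4ec7b67 100644
---- a/src/lxc/lxc_container.c
-+++ b/src/lxc/lxc_container.c
-@@ -754,15 +754,16 @@ typedef struct {
-const char *type;
-int mflags;
-bool skipUserNS;
-+ bool skipUnmounted;
-} virLXCBasicMountInfo;
-
-static const virLXCBasicMountInfo lxcBasicMounts[] = {
-- { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false },
-- { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false },
-- { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false },
-- { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true },
-+ { "proc", "/proc", "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false },
-+ { "/proc/sys", "/proc/sys", NULL, MS_BIND|MS_RDONLY, false, false },
-+ { "sysfs", "/sys", "sysfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false, false },
-+ { "securityfs", "/sys/kernel/security", "securityfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true },
-#if WITH_SELINUX
-- { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true },
-+ { SELINUX_MOUNT, SELINUX_MOUNT, "selinuxfs", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true, true },
-#endif
-};
-
-@@ -849,16 +850,24 @@ static int lxcContainerMountBasicFS(bool userns_enabled)
-VIR_DEBUG("Processing %s -> %s",
-mnt->src, mnt->dst);
-
-- /* Skip if mount doesn't exist in source */
-- if ((mnt->src[0] == '/') &&
-- (access(mnt->src, R_OK) < 0))
-- continue;
-+ if (mnt->skipUnmounted) {
-+ char *hostdir;
-+ int ret;
-
--#if WITH_SELINUX
-- if (STREQ(mnt->src, SELINUX_MOUNT) &&
-- !is_selinux_enabled())
-- continue;
--#endif
-+ if (virAsprintf(&hostdir, "/.oldroot%s", mnt->dst) < 0)
-+ goto cleanup;
-+
-+ ret = virFileIsMountPoint(hostdir);
-+ VIR_FREE(hostdir);
-+ if (ret < 0)
-+ goto cleanup;
-+
-+ if (ret == 0) {
-+ VIR_DEBUG("Skipping '%s' which isn't mounted in host",
-+ mnt->dst);
-+ continue;
-+ }
-+ }
-
-if (mnt->skipUserNS && userns_enabled) {
-VIR_DEBUG("Skipping due to user ns enablement");
---
-1.8.3.1
-
-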