[lxc-devel] [patch 0/2][resend] move up file configuration parsing

Andrian Nord nightnord at gmail.com
Wed Nov 25 03:00:31 UTC 2009


On Wed, Nov 25, 2009 at 12:08:19AM +0100, Daniel Lezcano wrote:
> Move configuration file parsing out of lxc_start.

As I understand it, you want to do all the checks around configuration
inside start.c to prevent duplicating the same work in lxc-execute and
lxc-start, right?

There is a little problem, if you look at the problem mentioned in
the previous thread.
When we are starting a container, there could be a few cases:
1) This is an application container started by lxc-execute. Then
lxc-execute provides some temporary rootfs, does all the binds, loads lxc_conf
with corresponding values and calls the lxc_start procedure with this
lxc_conf and the specified executable.

2) This is a standard full-system container, i.e. it's an lxc-start call
without arguments/with an '/sbin/init' argument. In that case we have a
completely unprepared lxc_conf with default values, in particular, with
rootfs=/. This case should be forbidden, probably by checking if
rootfs==/ (NULL) and executable == /sbin/init.

3) This is a non-standard full-system container, i.e. it's an lxc-start call
specifying an init other than /sbin/init. In that case we have all the
problems of 2), but we can't check executable == /sbin/init.

4) This is a liblxc call from an up-level application. All bad =)

So, there are two solutions:
1) The caller should validate rootfs. This is the solution for 4) and
logical for 2) and 3) - lxc-start without an rcfile makes no sense anyway.

2) Forbid rootfs=/ for everyone - probably having rootfs=/ is something
useless and, if you want all / contents inside container, it could be
easily done by mount-bind.
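
The caller-side rootfs check proposed in the message above, sketched as an added example that is not part of the original post and is not liblxc code. `check_rootfs` and its result codes are hypothetical names; the path is canonicalized with `realpath()` first, because a plain comparison with "/" would miss spellings such as "//" or "/..".

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for realpath() under strict -std= modes */
#endif
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical result codes for this example; not part of liblxc. */
enum rootfs_check {
    ROOTFS_OK = 0,
    ROOTFS_UNSET,          /* NULL or empty: conf was never prepared   */
    ROOTFS_UNRESOLVABLE,   /* path does not exist / cannot be resolved */
    ROOTFS_IS_HOST_ROOT    /* resolves to the host's "/"               */
};

/* Validate a configured rootfs before handing the conf to the start path. */
enum rootfs_check check_rootfs(const char *rootfs)
{
    char resolved[PATH_MAX];

    if (rootfs == NULL || rootfs[0] == '\0')
        return ROOTFS_UNSET;

    /* Canonicalize: collapses "//", "/./", ".." and follows symlinks. */
    if (realpath(rootfs, resolved) == NULL)
        return ROOTFS_UNRESOLVABLE;

    if (strcmp(resolved, "/") == 0)
        return ROOTFS_IS_HOST_ROOT;

    return ROOTFS_OK;
}

int main(void)
{
    /* Constructed sample values, not taken from any real configuration. */
    const char *samples[] = { NULL, "/", "//", "/./..", "/tmp" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-8s -> %d\n", samples[i] ? samples[i] : "(null)",
               (int)check_rootfs(samples[i]));
    return 0;
}
```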
