[lxc-devel] [ lxc-Bugs-3463349 ] lxc-destroy crosses filesystem boundaries

SourceForge.net noreply at sourceforge.net
Wed Feb 15 22:11:44 UTC 2012


Bugs item #3463349, was opened at 2011-12-21 04:26
Message generated for change (Comment added) made by dlezcano
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=826303&aid=3463349&group_id=163076

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
>Resolution: Fixed
Priority: 5
Private: No
Submitted By: Andrea Rota (hotzeplotz)
Assigned to: Nobody/Anonymous (nobody)
Summary: lxc-destroy crosses filesystem boundaries

Initial Comment:
If any portions of the host's filesystem are bind-mounted within an LXC container, lxc-destroy will wipe the host's contents under the mounted folders.
The proposed straightforward patch below should limit lxc-destroy's action to a single filesystem. This might not be the desired effect if people mount other stuff - not bind-mount - in the container, but in my opinion it's safer to remove the least possible, especially when it comes to bind-mounts that people within a container might not even be aware of. (Stuff mounted from within the container might need to be treated differently, but at least for the latter, information would be available in mtab.)


From 85bec9f97091d333656655f5806313edb247af72 Mon Sep 17 00:00:00 2001
From: andrea rota <a at xelera.eu>
Date: Wed, 21 Dec 2011 12:10:47 +0000
Subject: [PATCH] limit rm to rootfs, avoiding nuking of any bind mounts from
 the host

---
 src/lxc/lxc-destroy.in |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/lxc/lxc-destroy.in b/src/lxc/lxc-destroy.in
index dda48e6..c662c1f 100644
--- a/src/lxc/lxc-destroy.in
+++ b/src/lxc/lxc-destroy.in
@@ -87,4 +87,4 @@ if [ -b $rootdev -o -h $rootdev ]; then
        fi
 fi
 # recursively remove the container to remove old container configuration
-rm -rf --preserve-root $lxc_path/$lxc_name
+rm -rf --one-file-system --preserve-root $lxc_path/$lxc_name
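Review bot: On the new `rm` line, `--one-file-system` only stops where the device number changes, so a host directory bind-mounted from the same file system that holds `$lxc_path/$lxc_name` is still descended into and emptied. Consider checking for active mount points under `$lxc_path/$lxc_name` before the `rm` and refusing to continue when any are found. When a mount on another file system is skipped, `rm` leaves the mount point and its parent directories in place and exits non-zero, and nothing in this hunk checks or reports that status. Separately, `$lxc_path/$lxc_name` is unquoted on this line and should be quoted, and the comment above the `rm` could say that removal now stops at file system boundaries.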
-- 
1.7.5.4
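
The problem described in the initial comment can also be caught before anything is deleted, by looking for mount points under the container directory. The shell functions below are an added example, not part of the submitted patch or of lxc-destroy; `mounts_under`, `safe_destroy`, `sample_mountinfo` and the sample paths are hypothetical, and the code assumes a Linux `/proc/self/mountinfo` and GNU `rm`.

```shell
#!/bin/sh
# Added example, not lxc-destroy code. Function names and sample paths are hypothetical.

# mounts_under DIR: read a mountinfo-format table on stdin and print every
# mount point at or below DIR. Field 5 is the mount point; the kernel writes
# a space as \040 (other escapes such as \011 are not decoded here).
mounts_under() {
    DIR=${1%/} awk 'BEGIN { d = ENVIRON["DIR"] }
        { mp = $5; gsub(/\\040/, " ", mp)
          # exact match, or DIR followed by "/" so that web1 does not match web1-old
          if (mp == d || index(mp, d "/") == 1) print mp }'
}

# safe_destroy DIR [TABLE]: remove DIR only when nothing is mounted inside it.
# Returns 1 when mounts are found, 2 when DIR or TABLE cannot be read.
safe_destroy() {
    target=$(cd "$1" 2>/dev/null && pwd -P) || return 2   # canonical path
    busy=$(mounts_under "$target" < "${2:-/proc/self/mountinfo}") || return 2
    if [ -n "$busy" ]; then
        printf 'refusing to remove %s, still mounted:\n%s\n' "$target" "$busy" >&2
        return 1
    fi
    # Assumes GNU rm; the flag is kept as a second line of defence.
    rm -rf --one-file-system --preserve-root -- "$target"
}

# Constructed sample table for a container at $1. Every entry is on device 8:1,
# the case in which rm --one-file-system alone sees no boundary to stop at.
sample_mountinfo() {
    cat <<EOF
21 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
60 21 8:1 /home/alice $1/rootfs/mnt/home rw,relatime shared:1 - ext4 /dev/sda1 rw
61 21 8:1 /srv/my\\040data $1/rootfs/srv/my\\040data rw shared:1 - ext4 /dev/sda1 rw
62 21 8:1 /srv $1-old/rootfs/srv rw shared:1 - ext4 /dev/sda1 rw
EOF
}

# Demo: list what is mounted inside the constructed container web1.
sample_mountinfo /var/lib/lxc/web1 | mounts_under /var/lib/lxc/web1
```
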


----------------------------------------------------------------------

>Comment By: Daniel Lezcano (dlezcano)
Date: 2012-02-15 14:11

Message:
Thanks for the fix. It is in the tree.

----------------------------------------------------------------------
