[lxc-devel] [PATCH 23/24] create rslave chroot any time pivot_root fails with -EINVAL

Tue Jan 8 17:43:07 UTC 2013

Quoting Stéphane Graber (stgraber at ubuntu.com):
> From: Serge Hallyn <serge.hallyn at ubuntu.com>
> 
> Note we still need the function to detect a MS_SHARED /, bc
> if we detect that then we need to umount the chroot tmpfs
> mount which lxc-start created, whose mount was forwarded to
> the host mounts namespace.

Wait I'm confused - I thought this wasn't working for you and you
weren't using it / didn't need it?

For those playing along at home:  in a previous patch I detected /
being MS_SHARED, in which case I created a MS_PRIVATE tmpfs chroot
just to pivot_root out of.  (technically, the parent of the chroot
needs to be private, hence the tmpfs under which we are chrooted into
/root).  This patch moves the creation of a MS_PRIVATE chroot to
much later in the container startup.  It does it anytime pivot_root
fails with -EINVAL, because there are other possible causes of that.
In particular, if you are on a system where / is MS_NOUSER.

> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
> ---
>  src/lxc/conf.c | 31 ++++++++++++++++++++-----------
>  1 file changed, 20 insertions(+), 11 deletions(-)
> 
> diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> index 945c3b8..09cfa9f 100644
> --- a/src/lxc/conf.c
> +++ b/src/lxc/conf.c
> @@ -1163,13 +1163,6 @@ static int setup_rootfs(struct lxc_conf *conf)
>  		return -1;
>  	}
>  
> -	if (detect_shared_rootfs()) {
> -		if (chroot_into_slave(conf)) {
> -			ERROR("Failed to chroot into slave /");
> -			return -1;
> -		}
> -	}
> -
>  	if (mount_rootfs(rootfs->path, rootfs->mount)) {
>  		ERROR("failed to mount rootfs");
>  		return -1;
> @@ -1180,17 +1173,33 @@ static int setup_rootfs(struct lxc_conf *conf)
>  	return 0;
>  }
>  
> -int setup_pivot_root(const struct lxc_rootfs *rootfs)
> +static int setup_pivot_root(struct lxc_conf *conf)
>  {
> +	const struct lxc_rootfs *rootfs = &conf->rootfs;
> +
>  	if (!rootfs->path)
>  		return 0;
>  
> -	if (setup_rootfs_pivot_root(rootfs->mount, rootfs->pivot)) {
> +	if (setup_rootfs_pivot_root(rootfs->mount, rootfs->pivot) == 0)
> +		return 0;
> +
> +	if (errno != EINVAL) {
>  		ERROR("failed to setup pivot root");
>  		return -1;
>  	}
>  
> -	return 0;
> +	INFO("pivot_root failed.  Trying pivot_root under custom chroot.");
> +
> +	if (chroot_into_slave(conf)) {
> +		ERROR("Failed to chroot into slave /");
> +		return -1;
> +	}
> +
> +	if (setup_rootfs_pivot_root(rootfs->mount, rootfs->pivot) == 0)
> +		return 0;
> +
> +	ERROR("failed to setup pivot root");
> +	return -1;
>  }
>  
>  static int setup_pts(int pts)
> @@ -2649,7 +2658,7 @@ int lxc_setup(const char *name, struct lxc_conf *lxc_conf)
>  	}
>  #endif
>  
> -	if (setup_pivot_root(&lxc_conf->rootfs)) {
> +	if (setup_pivot_root(lxc_conf)) {
>  		ERROR("failed to set rootfs for '%s'", name);
>  		return -1;
>  	}
> -- 
> 1.8.0
> 