[lxc-devel] [PATCH 1/1] lxc_mount_auto_mounts: honor existing nodev etc at remounts
Stéphane Graber
stgraber at ubuntu.com
Fri Aug 22 19:04:57 UTC 2014
On Wed, Aug 20, 2014 at 11:18:40PM +0000, Serge Hallyn wrote:
> Same problem as we had with mount_entry(). lxc_mount_auto_mounts()
> sometimes does a bind mount followed by a remount to change options.
> With recent kernels the remount must pass any preexisting
> NODEV/NOSUID/etc flags.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
> ---
> src/lxc/conf.c | 40 ++++++++++++++++++++++++++++++++++++++--
> 1 file changed, 38 insertions(+), 2 deletions(-)
>
> diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> index f75f5ca..594e3b0 100644
> --- a/src/lxc/conf.c
> +++ b/src/lxc/conf.c
> @@ -689,6 +689,39 @@ int pin_rootfs(const char *rootfs)
> return fd;
> }
>
> +/*
> + * If we are asking to remount something, make sure that any
> + * NOEXEC etc are honored.
> + */
> +static unsigned long add_required_remount_flags(const char *s, const char *d,
> + unsigned long flags)
> +{
> + struct statvfs sb;
> + unsigned long required_flags = 0;
> +
> + if (!(flags & MS_REMOUNT))
> + return flags;
> +
> + if (!s)
> + s = d;
> +
> + if (!s)
> + return flags;
> + if (statvfs(s, &sb) < 0)
> + return flags;
> +
> + if (sb.f_flag & MS_NOSUID)
> + required_flags |= MS_NOSUID;
> + if (sb.f_flag & MS_NODEV)
> + required_flags |= MS_NODEV;
> + if (sb.f_flag & MS_RDONLY)
> + required_flags |= MS_RDONLY;
> + if (sb.f_flag & MS_NOEXEC)
> + required_flags |= MS_NOEXEC;
> +
> + return flags | required_flags;
> +}
> +
> static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_handler *handler)
> {
> int r;
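Review bot: add_required_remount_flags() reads the existing flags from `s` whenever it is non-NULL and falls back to `d` only otherwise, but mount(2) ignores the source on MS_REMOUNT and changes the mount at the target, so the flags to preserve are those of `d`. Preferring the destination, e.g. `if (!d) d = s;` followed by `statvfs(d, &sb)`, avoids carrying over flags from an unrelated mount. The `statvfs()` failure path returns `flags` unchanged without logging, so a remount that then drops nosuid/nodev/noexec, or is refused by a newer kernel, leaves no trace of why; a `SYSERROR("statvfs %s failed", s);` before that return would make it diagnosable. `f_flag` is documented in terms of `ST_*` constants, so testing it against `MS_*` relies on the two sets sharing values on Linux and deserves a one-line comment saying so.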
> @@ -729,6 +762,7 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha
> char *source = NULL;
> char *destination = NULL;
> int saved_errno;
> + unsigned long mflags;
>
> if (default_mounts[i].source) {
> /* will act like strdup if %r is not present */
> @@ -749,10 +783,12 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha
> return -1;
> }
> }
> - r = mount(source, destination, default_mounts[i].fstype, default_mounts[i].flags, default_mounts[i].options);
> + mflags = add_required_remount_flags(source, destination,
> + default_mounts[i].flags);
> + r = mount(source, destination, default_mounts[i].fstype, mflags, default_mounts[i].options);
> saved_errno = errno;
> if (r < 0)
> - SYSERROR("error mounting %s on %s", source, destination);
> + SYSERROR("error mounting %s on %s flags %lu", source, destination, mflags);
> free(source);
> free(destination);
> if (r < 0) {
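Review bot: The rewritten SYSERROR line still passes `source` to `%s` although it is initialised to NULL and only assigned when `default_mounts[i].source` is set, which is presumably the case for the remount entries this patch targets. Whether the logging backend tolerates a NULL `%s` argument is not visible here, so `source ? source : "(none)"` would be safer. Mount flags are also easier to compare against the MS_* bit values when printed in hex, e.g. `"error mounting %s on %s flags %#lx"`. The enclosing loop body starts and ends outside this hunk.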
> --
> 2.1.0.rc1
>
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com