[lxc-devel] [PATCH] skip rootfs pinning for unprivileged containers
Serge Hallyn
serge.hallyn at ubuntu.com
Thu Jan 16 14:46:31 UTC 2014
Quoting S.Çağlar Onur (caglar at 10ur.org):
> Signed-off-by: S.Çağlar Onur <caglar at 10ur.org>
Perfectly safe since you can't unmount the host fs from a child userns.
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
> ---
> src/lxc/start.c | 11 +++++++----
> 1 file changed, 7 insertions(+), 4 deletions(-)
>
> diff --git a/src/lxc/start.c b/src/lxc/start.c
> index 6c07e43..fbdfc05 100644
> --- a/src/lxc/start.c
> +++ b/src/lxc/start.c
> @@ -782,11 +782,14 @@ static int lxc_spawn(struct lxc_handler *handler)
> /*
> * if the rootfs is not a blockdev, prevent the container from
> * marking it readonly.
> + *
> + * if the container is unprivileged then skip rootfs pinning
> */
> -
> - handler->pinfd = pin_rootfs(handler->conf->rootfs.path);
> - if (handler->pinfd == -1)
> - INFO("failed to pin the container's rootfs");
> + if (lxc_list_empty(&handler->conf->id_map)) {
> + handler->pinfd = pin_rootfs(handler->conf->rootfs.path);
> + if (handler->pinfd == -1)
> + INFO("failed to pin the container's rootfs");
> + }
>
> if (preserve_ns(saved_ns_fd, preserve_mask) < 0)
> goto out_delete_net;
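Review bot: on the path where `lxc_list_empty(&handler->conf->id_map)` is false, `handler->pinfd` is never assigned in this hunk, so it keeps whatever value it had on entry to `lxc_spawn()`. If later cleanup closes `pinfd` whenever it is not -1, that value needs to be -1 here. Either add `else handler->pinfd = -1;` or confirm the handler is initialised with `pinfd = -1` before this point. Two smaller points on the comment: it says "unprivileged", but the test is for a non-empty `id_map`, which also matches a container with an id mapping started by root, so the wording should match the condition. It would also help to record the reason pinning can be skipped (the host filesystem cannot be unmounted from a child user namespace), so the next reader does not have to find this thread.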
> --
> 1.8.3.2
>
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel