[lxc-devel] [PATCH] simpler shared rootfs handling

Stéphane Graber stgraber at ubuntu.com
Mon Mar 3 16:05:03 UTC 2014


On Fri, Feb 28, 2014 at 11:41:12PM -0600, Serge Hallyn wrote:
> Only do the funky chroot_into_slave if / is in fact the rootfs.
> Rootfs is a special blacklisted case for pivot_root.
> 
> If / is not rootfs but is shared, just mount / rslave.  We're
> already in our own namespace.
> 
> This appears to solve the extra /proc/$$/mount entries in
> containers and the host directories in lxc-attach which have
> been plaguing at least fedora and arch.
> 
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

Acked-by: Stéphane Graber <stgraber at ubuntu.com>

> ---
>  src/lxc/conf.c  |  7 ++++++-
>  src/lxc/utils.c | 45 ++++++++++++++++++++++++++++++++++++++++++---
>  src/lxc/utils.h |  1 +
>  3 files changed, 49 insertions(+), 4 deletions(-)
> 
> diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> index d99659a..2622371 100644
> --- a/src/lxc/conf.c
> +++ b/src/lxc/conf.c
> @@ -1506,11 +1506,16 @@ static int setup_rootfs(struct lxc_conf *conf)
>  		return -1;
>  	}
>  
> -	if (detect_shared_rootfs()) {
> +       if (detect_ramfs_rootfs()) {
>  		if (chroot_into_slave(conf)) {
>  			ERROR("Failed to chroot into slave /");
>  			return -1;
>  		}
> +       } else if (detect_shared_rootfs()) {
> +               if (mount("", "/", NULL, MS_SLAVE|MS_REC, 0)) {
> +                       SYSERROR("Failed to make / rslave");
> +                       return -1;
> +               }
>  	}
>  
>  	// First try mounting rootfs using a bdev
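Review bot: Both new branches fail open when mountinfo cannot be read. detect_ramfs_rootfs() returns 0 on an fopen() failure, and detect_shared_rootfs() appears to do the same, so setup_rootfs would skip both chroot_into_slave() and the rslave remount and leave / shared with the host without any log line. Consider letting the detectors report the error separately from "no", e.g. `return -1;` on `!f` and here `if (ret < 0) { ERROR("Failed to read /proc/self/mountinfo"); return -1; }`, after checking any other callers that test the result as a boolean. The added lines are also indented with spaces where the rest of the function uses tabs, and the last argument of `mount()` is a pointer, so `NULL` reads better than `0`. setup_rootfs starts and ends outside this hunk.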
> diff --git a/src/lxc/utils.c b/src/lxc/utils.c
> index 0190a47..ded8e8e 100644
> --- a/src/lxc/utils.c
> +++ b/src/lxc/utils.c
> @@ -1215,16 +1215,16 @@ int detect_shared_rootfs(void)
>  		return 0;
>  	while (fgets(buf, LINELEN, f)) {
>  		for (p = buf, i=0; p && i < 4; i++)
> -			p = index(p+1, ' ');
> +			p = strchr(p+1, ' ');
>  		if (!p)
>  			continue;
> -		p2 = index(p+1, ' ');
> +		p2 = strchr(p+1, ' ');
>  		if (!p2)
>  			continue;
>  		*p2 = '\0';
>  		if (strcmp(p+1, "/") == 0) {
>  			// this is '/'.  is it shared?
> -			p = index(p2+1, ' ');
> +			p = strchr(p2+1, ' ');
>  			if (p && strstr(p, "shared:")) {
>  				fclose(f);
>  				return 1;
> @@ -1235,6 +1235,45 @@ int detect_shared_rootfs(void)
>  	return 0;
>  }
>  
> +/*
> + * looking at fs/proc_namespace.c, it appears we can
> + * actually expect the rootfs entry to very specifically contain
> + * " - rootfs rootfs "
> + * IIUC, so long as we've chrooted so that rootfs is not our root,
> + * the rootfs entry should always be skipped in mountinfo contents.
> + */
> +int detect_ramfs_rootfs(void)
> +{
> +	char buf[LINELEN], *p;
> +	FILE *f;
> +	int i;
> +	char *p2;
> +
> +	f = fopen("/proc/self/mountinfo", "r");
> +	if (!f)
> +		return 0;
> +	while (fgets(buf, LINELEN, f)) {
> +		for (p = buf, i=0; p && i < 4; i++)
> +			p = strchr(p+1, ' ');
> +		if (!p)
> +			continue;
> +		p2 = strchr(p+1, ' ');
> +		if (!p2)
> +			continue;
> +		*p2 = '\0';
> +		if (strcmp(p+1, "/") == 0) {
> +			// this is '/'.  is it the ramfs?
> +			p = strchr(p2+1, '-');
> +			if (p && strncmp(p, "- rootfs rootfs ", 16) == 0) {
> +				fclose(f);
> +				return 1;
> +			}
> +		}
> +	}
> +	fclose(f);
> +	return 0;
> +}
> +
>  bool on_path(char *cmd) {
>  	char *path = NULL;
>  	char *entry = NULL;
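Review bot: In detect_ramfs_rootfs the separator is located with `strchr(p2+1, '-')`, which stops at the first hyphen anywhere after the mount-point field rather than at the ` - ` field separator. If an earlier field on that line ever contains a hyphen, the rootfs entry would be missed and setup_rootfs would take the rslave branch instead of chroot_into_slave(). Matching the whole token is sturdier: `p = strstr(p2+1, " - rootfs rootfs ");` then `if (p) { fclose(f); return 1; }`. The field-walking loop is a copy of the one in detect_shared_rootfs, so a shared static helper would keep the two parsers from drifting apart. The header comment should also state the return contract, e.g. `Returns 1 if / is the kernel rootfs, 0 otherwise (including when mountinfo cannot be opened).`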
> diff --git a/src/lxc/utils.h b/src/lxc/utils.h
> index 978f586..a318ec8 100644
> --- a/src/lxc/utils.h
> +++ b/src/lxc/utils.h
> @@ -278,4 +278,5 @@ uint64_t fnv_64a_buf(void *buf, size_t len, uint64_t hval);
>  #endif
>  
>  int detect_shared_rootfs(void);
> +int detect_ramfs_rootfs(void);
>  bool on_path(char *cmd);
> -- 
> 1.9.0
> 

-- 
Stéphane Graber
Ubuntu developer
http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20140303/dbca7c50/attachment.pgp>

