[lxc-devel] [PATCH 2/3] execute: bind init.lxc.static into container

Stéphane Graber stgraber at ubuntu.com
Tue May 20 08:21:41 UTC 2014


On Mon, May 19, 2014 at 03:51:28PM +0000, Serge Hallyn wrote:
> Quoting Stéphane Graber (stgraber at ubuntu.com):
> > On Mon, May 12, 2014 at 06:04:00PM +0000, Serge Hallyn wrote:
> > > Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> > 
> > So one concern here is that SBINDIR may be pretty much anything and may
> > look pretty awkward in the container, can we have the bind-mount be done
> > with say /lxc.init.static instead and only be done in the last resort
> > case where an existing init couldn't be found?
> 
> Sure, that sounds good.

Your new patch does put it in /lxc.init.static but still appears to do
it in all cases (even if it ends up unused). I'd really prefer we only
do the bind-mount if we can't detect a suitable init in the rootfs and
also remove the bind-mounted file from the rootfs on exit (at least in
the non-error path).

I'd really like us to make sure that when you use lxc, either for a
full-fledged container or just for an application container, the rootfs
is restored to the way it was when the container exits. That means
removing the bind-mount target in this case, restoring the original
tty/console nodes, ...

> 
> > > ---
> > >  src/lxc/conf.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> > >  1 file changed, 58 insertions(+)
> > > 
> > > diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> > > index 7427a94..0580f46 100644
> > > --- a/src/lxc/conf.c
> > > +++ b/src/lxc/conf.c
> > > @@ -3811,6 +3811,61 @@ static void remount_all_slave(void)
> > >  		free(line);
> > >  }
> > >  
> > > +void lxc_execute_bind_init(struct lxc_conf *conf)
> > > +{
> > > +	int ret;
> > > +	char path[PATH_MAX], destpath[PATH_MAX];
> > > +
> > > +	ret = snprintf(path, PATH_MAX, SBINDIR "/init.lxc.static");
> > > +	if (ret < 0 || ret >= PATH_MAX) {
> > > +		WARN("Path name too long searching for lxc.init.static");
> > > +		return;
> > > +	}
> > > +
> > > +	if (!file_exists(path)) {
> > > +		INFO("%s does not exist on host", path);
> > > +		return;
> > > +	}
> > > +
> > > +	ret = snprintf(destpath, PATH_MAX, "%s%s", conf->rootfs.mount, path);
> > > +	if (ret < 0 || ret >= PATH_MAX) {
> > > +		WARN("Path name too long for container's lxc.init.static");
> > > +		return;
> > > +	}
> > > +
> > > +	if (!file_exists(destpath)) {
> > > +		FILE *pathfile;
> > > +		char *pathdirname = strdup(path);
> > > +
> > > +		if (!pathdirname) {
> > > +			SYSERROR("Out of memory binding lxc.init.static into container");
> > > +			return;
> > > +		}
> > > +		pathdirname = dirname(pathdirname);
> > > +		ret = mkdir_p(pathdirname, 0755);
> > > +		free(pathdirname);
> > > +		if (ret < 0) {
> > > +			/*
> > > +			 * this can fail just due to read-only bind mounts.  Trust
> > > +			 * that the user knows what they want, log and proceed
> > > +			 */
> > > +			WARN("Failed to create %s in container", SBINDIR);
> > > +			return;
> > > +		}
> > > +		pathfile = fopen(destpath, "wb");
> > > +		if (!pathfile) {
> > > +			SYSERROR("Failed to create mount target '%s'", destpath);
> > > +			return;
> > > +		}
> > > +		fclose(pathfile);
> > > +	}
> > > +
> > > +	ret = mount(path, destpath, "none", MS_BIND, NULL);
> > > +	if (ret < 0)
> > > +		SYSERROR("Failed to bind lxc.init.static into container");
> > > +	INFO("lxc.init.static bound into container at %s", path);
> > > +}
> > > +
> > >  int lxc_setup(struct lxc_handler *handler)
> > >  {
> > >  	const char *name = handler->name;
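Review bot: `mkdir_p()` operates on the wrong path: `pathdirname` is derived from `path` (the host-side `SBINDIR "/init.lxc.static"`), so the call creates SBINDIR on the host, where it already exists, and never creates it inside the rootfs; the following `fopen(destpath, "wb")` then fails whenever the container does not already have that directory. Derive the directory from `destpath` instead. In the same function, a failed `mount()` falls through and still logs `INFO("lxc.init.static bound into container at %s", path);`, so add a `return` after the `SYSERROR` and log `destpath` (the container-side location) rather than `path`. The log strings also say `lxc.init.static` while the file created and mounted is `init.lxc.static`, which will mislead anyone matching log output against the filesystem. Minor: `pathdirname = dirname(pathdirname)` replaces the pointer that is later passed to `free()`; glibc returns the same buffer here because the path contains a slash, but keeping the original pointer for the `free()` avoids relying on that. Finally, nothing removes the `destpath` placeholder file that this function creates in the rootfs, so the rootfs is left modified after the container exits, which is the cleanup Stéphane asks for above.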
> > > @@ -3878,6 +3933,9 @@ int lxc_setup(struct lxc_handler *handler)
> > >  		return -1;
> > >  	}
> > >  
> > > +	if (lxc_conf->is_execute)
> > > +		lxc_execute_bind_init(lxc_conf);
> > > +
> > >  	/* now mount only cgroup, if wanted;
> > >  	 * before, /sys could not have been mounted
> > >  	 * (is either mounted automatically or via fstab entries)
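Review bot: the bind is attempted whenever `is_execute` is set, with no check for an init already present in the rootfs and no handling of failure: `lxc_execute_bind_init()` returns `void`, so `lxc_setup()` cannot tell whether the bind succeeded and continues either way. Have it return an `int`, call it only when no suitable init could be found in the rootfs (the last-resort condition requested in the review above), and pair it with a cleanup path that removes the bind-mount target from the rootfs on exit.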
> > > -- 
> > > 1.9.1
> > > 
> > > _______________________________________________
> > > lxc-devel mailing list
> > > lxc-devel at lists.linuxcontainers.org
> > > http://lists.linuxcontainers.org/listinfo/lxc-devel

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com