[lxc-devel] [PATCH 2/2] fill_autodev: bind-mount if mknod fails
Serge Hallyn
serge.hallyn at ubuntu.com
Fri Jan 9 19:38:36 UTC 2015
First, rename setup_autodev to fill_autodev, since all it
does is populate it, not fully set it up.
Secondly, if mknod of a device fails, then try bind-mounting
it from the host rather than failing immediately.
Note that this isn't an urgent patch because the common.userns
configuration hook already specifies bind,create=file mount
entries for all the devices we would want.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
---
src/lxc/conf.c | 25 +++++++++++++++++++++----
1 file changed, 21 insertions(+), 4 deletions(-)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 822f08d..665631b 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1197,7 +1197,7 @@ static const struct lxc_devs lxc_devs[] = {
{ "console", S_IFCHR | S_IRUSR | S_IWUSR, 5, 1 },
};
-static int setup_autodev(const char *root)
+static int fill_autodev(const char *root)
{
int ret;
char path[MAXPATHLEN];
@@ -1221,8 +1221,25 @@ static int setup_autodev(const char *root)
return -1;
ret = mknod(path, d->mode, makedev(d->maj, d->min));
if (ret && errno != EEXIST) {
- SYSERROR("Error creating %s", d->name);
- return -1;
+ char hostpath[MAXPATHLEN];
+ FILE *pathfile;
+
+ // Unprivileged containers cannot create devices, so
+ // bind mount the device from the host
+ ret = snprintf(hostpath, MAXPATHLEN, "/dev/%s", d->name);
+ if (ret < 0 || ret >= MAXPATHLEN)
+ return -1;
+ pathfile = fopen(path, "wb");
+ if (!pathfile) {
+ SYSERROR("Failed to create device mount target '%s'", path);
+ return -1;
+ }
+ fclose(pathfile);
+ if (mount(hostpath, path, 0, MS_BIND, NULL) != 0) {
+ SYSERROR("Failed bind mounting device %s from host into container",
+ d->name);
+ return -1;
+ }
}
}
umask(cmask);
@@ -3889,7 +3906,7 @@ int lxc_setup(struct lxc_handler *handler)
ERROR("failed to run autodev hooks for container '%s'.", name);
return -1;
}
- if (setup_autodev(lxc_conf->rootfs.mount)) {
+ if (fill_autodev(lxc_conf->rootfs.mount)) {
ERROR("failed to populate /dev in the container");
return -1;
}
--
2.1.0
More information about the lxc-devel
mailing list