[lxc-devel] [PATCH 2/2] fill_autodev: bind-mount if mknod fails

Stéphane Graber stgraber at ubuntu.com
Mon Jan 12 21:33:43 UTC 2015


On Fri, Jan 09, 2015 at 07:38:36PM +0000, Serge Hallyn wrote:
> First, rename setup_autodev to fill_autodev, since all it
> does is populate it, not fully set it up.
> 
> Secondly, if mknod of a device fails, then try bind-mounting
> it from the host rather than failing immediately.
> 
> Note that this isn't an urgent patch because the common.userns
> configuration hook already specifies bind,create=file mount
> entries for all the devices we would want.
> 
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

Acked-by: Stéphane Graber <stgraber at ubuntu.com>

> ---
>  src/lxc/conf.c | 25 +++++++++++++++++++++----
>  1 file changed, 21 insertions(+), 4 deletions(-)
> 
> diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> index 822f08d..665631b 100644
> --- a/src/lxc/conf.c
> +++ b/src/lxc/conf.c
> @@ -1197,7 +1197,7 @@ static const struct lxc_devs lxc_devs[] = {
>  	{ "console",	S_IFCHR | S_IRUSR | S_IWUSR,	       5, 1	},
>  };
>  
> -static int setup_autodev(const char *root)
> +static int fill_autodev(const char *root)
>  {
>  	int ret;
>  	char path[MAXPATHLEN];
> @@ -1221,8 +1221,25 @@ static int setup_autodev(const char *root)
>  			return -1;
>  		ret = mknod(path, d->mode, makedev(d->maj, d->min));
>  		if (ret && errno != EEXIST) {
> -			SYSERROR("Error creating %s", d->name);
> -			return -1;
> +			char hostpath[MAXPATHLEN];
> +			FILE *pathfile;
> +
> +			// Unprivileged containers cannot create devices, so
> +			// bind mount the device from the host
> +			ret = snprintf(hostpath, MAXPATHLEN, "/dev/%s", d->name);
> +			if (ret < 0 || ret >= MAXPATHLEN)
> +				return -1;
> +			pathfile = fopen(path, "wb");
> +			if (!pathfile) {
> +				SYSERROR("Failed to create device mount target '%s'", path);
> +				return -1;
> +			}
> +			fclose(pathfile);
> +			if (mount(hostpath, path, 0, MS_BIND, NULL) != 0) {
> +				SYSERROR("Failed bind mounting device %s from host into container",
> +					d->name);
> +				return -1;
> +			}
>  		}
>  	}
>  	umask(cmask);
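Review bot: The fallback under `if (ret && errno != EEXIST)` runs for every mknod() failure other than EEXIST, not only the permission failure the new comment describes, and the mknod() errno is never logged, so a failure such as ENOENT or EROFS would surface as a misleading fopen() or mount() error. Either restrict the bind-mount path to `errno == EPERM` and keep the old `SYSERROR("Error creating %s", d->name); return -1;` for everything else, or log the mknod() error before falling back. The mount target is created with `fopen(path, "wb")`, which follows symlinks and truncates whatever it finds. Since mknod() has just failed for a reason other than the path existing, `int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, 0644);` would refuse to write through anything that appears at that path in between. The fallback also seems to apply to every lxc_devs entry, including the `console` entry visible in the first hunk, so it is worth confirming that binding the host's /dev/console into the container is intended; fill_autodev's body starts and ends outside this hunk.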
> @@ -3889,7 +3906,7 @@ int lxc_setup(struct lxc_handler *handler)
>  			ERROR("failed to run autodev hooks for container '%s'.", name);
>  			return -1;
>  		}
> -		if (setup_autodev(lxc_conf->rootfs.mount)) {
> +		if (fill_autodev(lxc_conf->rootfs.mount)) {
>  			ERROR("failed to populate /dev in the container");
>  			return -1;
>  		}
> -- 
> 2.1.0
> 

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com