[lxc-devel] [PATCH 2/2] fill_autodev: bind-mount if mknod fails (v3)
Stéphane Graber
stgraber at ubuntu.com
Fri Jan 16 00:09:51 UTC 2015
On Mon, Jan 12, 2015 at 11:56:28PM +0000, Serge Hallyn wrote:
> First, rename setup_autodev to fill_autodev, since all it
> does is populate it, not fully set it up.
>
> Secondly, if mknod of a device fails, then try bind-mounting
> it from the host rather than failing immediately.
>
> Note that this isn't an urgent patch because the common.userns
> configuration hook already specifies bind,create=file mount
> entries for all the devices we would want.
>
> Changelog (v3): ignore if /dev doesn't exist
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
> ---
> src/lxc/conf.c | 28 ++++++++++++++++++++++++----
> 1 file changed, 24 insertions(+), 4 deletions(-)
>
> diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> index dff5020..19efe72 100644
> --- a/src/lxc/conf.c
> +++ b/src/lxc/conf.c
> @@ -1155,7 +1155,7 @@ static const struct lxc_devs lxc_devs[] = {
> { "console", S_IFCHR | S_IRUSR | S_IWUSR, 5, 1 },
> };
>
> -static int setup_autodev(const char *root)
> +static int fill_autodev(const char *root)
> {
> int ret;
> char path[MAXPATHLEN];
> @@ -1170,6 +1170,9 @@ static int setup_autodev(const char *root)
> return -1;
> }
>
> + if (!dir_exists(path)) // ignore, just don't try to fill in
> + return 0;
> +
> INFO("Populating /dev under %s", root);
> cmask = umask(S_IXUSR | S_IXGRP | S_IXOTH);
> for (i = 0; i < sizeof(lxc_devs) / sizeof(lxc_devs[0]); i++) {
> @@ -1179,8 +1182,25 @@ static int setup_autodev(const char *root)
> return -1;
> ret = mknod(path, d->mode, makedev(d->maj, d->min));
> if (ret && errno != EEXIST) {
> - SYSERROR("Error creating %s", d->name);
> - return -1;
> + char hostpath[MAXPATHLEN];
> + FILE *pathfile;
> +
> + // Unprivileged containers cannot create devices, so
> + // bind mount the device from the host
> + ret = snprintf(hostpath, MAXPATHLEN, "/dev/%s", d->name);
> + if (ret < 0 || ret >= MAXPATHLEN)
> + return -1;
> + pathfile = fopen(path, "wb");
> + if (!pathfile) {
> + SYSERROR("Failed to create device mount target '%s'", path);
> + return -1;
> + }
> + fclose(pathfile);
> + if (mount(hostpath, path, 0, MS_BIND, NULL) != 0) {
> + SYSERROR("Failed bind mounting device %s from host into container",
> + d->name);
> + return -1;
> + }
> }
> }
> umask(cmask);
> @@ -3847,7 +3867,7 @@ int lxc_setup(struct lxc_handler *handler)
> ERROR("failed to run autodev hooks for container '%s'.", name);
> return -1;
> }
> - if (setup_autodev(lxc_conf->rootfs.mount)) {
> + if (fill_autodev(lxc_conf->rootfs.mount)) {
> ERROR("failed to populate /dev in the container");
> return -1;
> }
> --
> 2.1.0
>
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20150115/75599f41/attachment.sig>
More information about the lxc-devel
mailing list