[lxc-devel] [lxc/lxc] ced03a: attach: mount a sane prox for LSM setup

GitHub noreply at github.com
Tue May 26 17:07:05 UTC 2015 

  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: ced03a017b2d72b44bd76ee195fd2c953120f49b
      https://github.com/lxc/lxc/commit/ced03a017b2d72b44bd76ee195fd2c953120f49b
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2015-05-26 (Tue, 26 May 2015)

  Changed paths:
    M src/lxc/attach.c
    M src/lxc/conf.c
    M src/lxc/utils.c
    M src/lxc/utils.h

  Log Message:
  -----------
  attach: mount a sane prox for LSM setup

To set lsm labels, a namespace-local proc mount is needed.

If a container does not have a lxc.mount.auto = proc set, then
tasks in the container do not have a correct /proc mount until
init feels like doing the mount.  At startup we handlie this
by mounting a temporary /proc if needed.  We weren't doing this
at attach, though, so that

lxc-start -n $container
lxc-wait -t 5 -s RUNNING -n $container
lxc-attach -n $container -- uname -a

could in a racy way fail with something like

lxc-attach: lsm/apparmor.c: apparmor_process_label_set: 183 No such file or directory - failed to change apparmor profile to lxc-container-default

Thanks to Chris Townsend for finding this bug at
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1452451

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: fe4478860810c6db680181e67f65c3a15e97fc15
      https://github.com/lxc/lxc/commit/fe4478860810c6db680181e67f65c3a15e97fc15
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2015-05-26 (Tue, 26 May 2015)

  Changed paths:
    M src/lxc/utils.c

  Log Message:
  -----------
  proc update - don't assume we are pid 1

(I erred in the first patch, causing every lxc-attach to unmount the
container-'s /proc)

Since we now use mount_proc_if_needed() from attach, as opposed to only
from start, we cannot assume we are pid 1.  So fix the check for whether
to mount a new proc.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


Compare: https://github.com/lxc/lxc/compare/88e3899351cf...fe4478860810

More information about the lxc-devel mailing list