[lxc-devel] [PATCH please read!] Update absolute paths for overlay and aufs mounts

Christian Brauner christianvanbrauner at gmail.com
Fri Oct 9 12:50:43 UTC 2015 

1) Note also that this function does not sanitize paths apart from removing
   trailing slashes. (So when a user specifies //home//someone/// it will be
   cleaned to //home//someone. This is the minimal path cleansing which is also
   done by lxc_container_new().) But the mount_entry_create_overlay_dirs() and
   mount_entry_create_aufs_dirs() function both try to be extremely strict about
   when to create upperdirs and workdirs. They will only accept sanitized paths,
   i.e. they require /home/someone and nothing else. I think this is a (safety)
   virtue and we should consider sanitizing paths in general. In short:
   update_union_mount_entry_paths() does update all absolute paths to the new
   container but mount_entry_create_*_dirs() will still refuse to create
   upperdir and workdir when the updated path is unclean. This happens easily
   when e.g. a user calls lxc-clone -o OLD -n NEW -P //home//chb///.
   The function can easily be adapted to do path sanitizing before updating the
   paths but this should probably be something the API-functions like
   do_lxcapi_clone() etc. should actually be doing. Something to think about...

2) Someone familiar with the part of lxc_conf->unexpanded_config should
   especially check if setting lxc_conf->unexpanded_len and
   lxc_conf->unexpanded_alloced in the following way is ok:

+			if (new_unexpanded_config) {
+				free(lxc_conf->unexpanded_config);
+				lxc_conf->unexpanded_config = strdup(new_unexpanded_config);
+			} else if (tmp_unexpanded_config) {
+				free(lxc_conf->unexpanded_config);
+				lxc_conf->unexpanded_config = strdup(tmp_unexpanded_config);
+			}
+
+			if (lxc_conf->unexpanded_config) {
+				len = strlen(lxc_conf->unexpanded_config);
+				lxc_conf->unexpanded_len = len;
+				lxc_conf->unexpanded_alloced = len + 1;
+			}
+
+			free(new_unexpanded_config);
+			free(tmp_unexpanded_config);
+			new_unexpanded_config = NULL;
+			tmp_unexpanded_config = NULL;
+			tmp = NULL;
+
+			if (!lxc_conf->unexpanded_config)
+				goto err;

Christian Brauner (1):
  Update absolute paths for overlay and aufs mounts

 src/lxc/lxccontainer.c | 108 ++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 107 insertions(+), 1 deletion(-)

-- 
2.6.1

More information about the lxc-devel mailing list