[lxc-devel] [lxc/master] cgfsng: add required remount flags

brauner on Github lxc-bot at linuxcontainers.org
Thu Feb 8 10:40:43 UTC 2018


From 5285689c588f46b76696423f9b8d4af4f0b67869 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Thu, 8 Feb 2018 11:36:41 +0100
Subject: [PATCH] cgfsng: add required remount flags

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9566d6742852c527bf5af38af5cbb878dad75705

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/cgroups/cgfsng.c | 16 +++++++++++-----
 src/lxc/conf.c           |  2 +-
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index a97310ee0..53963d1bb 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1923,7 +1923,7 @@ static int do_secondstage_mounts_if_needed(int type, struct hierarchy *h,
 					   char *controllerpath, char *cgpath,
 					   const char *container_cgroup)
 {
-	int ret;
+	int ret, remount_flags;
 	char *sourcepath;
 	int flags = MS_BIND;
 
@@ -1935,6 +1935,9 @@ static int do_secondstage_mounts_if_needed(int type, struct hierarchy *h,
 			return -1;
 		}
 
+		remount_flags = add_required_remount_flags(controllerpath,
+							   controllerpath,
+							   flags | MS_REMOUNT);
 		ret = mount(controllerpath, controllerpath, "cgroup",
 			    MS_REMOUNT | MS_BIND | MS_RDONLY, NULL);
 		if (ret < 0) {
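Review bot: The value assigned to `remount_flags` by the added call is never used, because the `mount()` directly below still passes the hard-coded `MS_REMOUNT | MS_BIND | MS_RDONLY`. This read-only remount of `controllerpath` therefore does not carry whatever flags `add_required_remount_flags()` would add, which is the stated purpose of the commit. The helper is also given `flags | MS_REMOUNT` without `MS_RDONLY`, so swapping in `remount_flags` alone would apparently drop the read-only bit. Suggest passing `flags | MS_REMOUNT | MS_RDONLY` to the helper and then calling `ret = mount(controllerpath, controllerpath, "cgroup", remount_flags, NULL);`, mirroring the later `cgpath` remount. The enclosing function starts and continues outside this hunk.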
@@ -1959,13 +1962,15 @@ static int do_secondstage_mounts_if_needed(int type, struct hierarchy *h,
 	INFO("Mounted \"%s\" onto \"%s\"", h->controllers[0], cgpath);
 
 	if (flags & MS_RDONLY) {
-		ret = mount(sourcepath, cgpath, "cgroup",
-			    MS_REMOUNT | flags | MS_RDONLY, NULL);
+		remount_flags = add_required_remount_flags(sourcepath, cgpath,
+							   flags | MS_REMOUNT);
+		ret = mount(sourcepath, cgpath, "cgroup", remount_flags, NULL);
 		if (ret < 0) {
 			SYSERROR("Failed to remount \"%s\" ro", cgpath);
 			free(sourcepath);
 			return -1;
 		}
+		INFO("Remounted %s read-only", cgpath);
 	}
 
 	free(sourcepath);
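Review bot: `remount_flags` is declared as `int` in the first hunk (`int ret, remount_flags;`), but here it receives the `unsigned long` returned by `add_required_remount_flags()` and is passed to `mount()`, whose flags parameter is also `unsigned long`. The flag bits visible in this patch fit in an `int`, but the round trip is an implicit narrowing conversion that `-Wconversion` will flag, and it would silently mangle any high flag bit. Declare it separately as `unsigned long remount_flags;` and keep `int ret;`. The assignment in the previous hunk is affected in the same way. As a minor style point, the new `INFO("Remounted %s read-only", cgpath);` does not quote the path the way the neighbouring messages do (`\"%s\"`).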
@@ -1973,7 +1978,8 @@ static int do_secondstage_mounts_if_needed(int type, struct hierarchy *h,
 	return 0;
 }
 
-static int mount_cgroup_cgns_supported(int type, struct hierarchy *h, const char *controllerpath)
+static int cg_mount_in_cgroup_namespace(int type, struct hierarchy *h,
+					const char *controllerpath)
 {
 	 int ret;
 	 char *controllers = NULL;
@@ -2066,7 +2072,7 @@ static bool cgfsng_mount(void *hdata, const char *root, int type)
 			 * will not have CAP_SYS_ADMIN after it has started we
 			 * need to mount the cgroups manually.
 			 */
-			r = mount_cgroup_cgns_supported(type, h, controllerpath);
+			r = cg_mount_in_cgroup_namespace(type, h, controllerpath);
 			free(controllerpath);
 			if (r < 0)
 				goto bad;
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 9b6868940..31ac3593b 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -575,7 +575,7 @@ int pin_rootfs(const char *rootfs)
  * NOEXEC etc are honored.
  */
 unsigned long add_required_remount_flags(const char *s, const char *d,
-		unsigned long flags)
+					 unsigned long flags)
 {
 #ifdef HAVE_STATVFS
 	struct statvfs sb;

