[lxc-devel] [lxc/master] conf: verify_start_hooks() after lxc.mount.entry

brauner on Github lxc-bot at linuxcontainers.org
Wed Oct 10 11:09:07 UTC 2018 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 480 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20181010/01dd61c5/attachment.bin>
-------------- next part --------------
From 853f3401617ec37c3561d842727e1b0eeca20a1e Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Wed, 10 Oct 2018 13:06:21 +0200
Subject: [PATCH] conf: verify_start_hooks() after lxc.mount.entry

Fixes: https://discuss.linuxcontainers.org/t/are-lxc-mount-entry-available-when-lxc-hook-start-is-validated/2906/3
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/conf.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 856fde1dd..807a38b5d 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -3512,7 +3512,6 @@ static bool verify_start_hooks(struct lxc_conf *conf)
 
 	lxc_list_for_each (it, &conf->hooks[LXCHOOK_START]) {
 		int ret;
-		struct stat st;
 		char *hookname = it->elem;
 
 		ret = snprintf(path, PATH_MAX, "%s%s",
@@ -3521,9 +3520,9 @@ static bool verify_start_hooks(struct lxc_conf *conf)
 		if (ret < 0 || ret >= PATH_MAX)
 			return false;
 
-		ret = stat(path, &st);
+		ret = access(path, F_OK);
 		if (ret < 0) {
-			SYSERROR("Start hook %s not found in container",
+			SYSERROR("Start hook \"%s\" not found in container",
 				 hookname);
 			return false;
 		}
@@ -3602,10 +3601,6 @@ int lxc_setup(struct lxc_handler *handler)
 		return -1;
 	}
 
-	/* Make sure any start hooks are in the container */
-	if (!verify_start_hooks(lxc_conf))
-		return -1;
-
 	if (lxc_conf->is_execute) {
 		if (execveat_supported()) {
 			int fd;
@@ -3673,6 +3668,12 @@ int lxc_setup(struct lxc_handler *handler)
 		}
 	}
 
+	/* Make sure any start hooks are in the container */
+	if (!verify_start_hooks(lxc_conf)) {
+		ERROR("Failed to verify start hooks");
+		return -1;
+	}
+
 	ret = lxc_setup_console(&lxc_conf->rootfs, &lxc_conf->console,
 				lxc_conf->ttys.dir);
 	if (ret < 0) {

More information about the lxc-devel mailing list