[lxc-devel] [lxc/master] conf: fix read-only bind mounts

tych0 on Github lxc-bot at linuxcontainers.org
Tue Mar 24 16:21:15 UTC 2020 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 871 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20200324/a52250bc/attachment.bin>
-------------- next part --------------
From 94bef7e4b4ee4b8b05bc4ba52b536fdc8d099c2c Mon Sep 17 00:00:00 2001
From: Tycho Andersen <tycho at tycho.ws>
Date: Tue, 24 Mar 2020 10:16:50 -0600
Subject: [PATCH] conf: fix read-only bind mounts

Here we would always set MS_RDONLY in required_flags if it was set in
mountflags, so the expression:

!(required_flags & ~mountflags)

would always be true, and we would always skip the remount.

Instead, let's treat readonly as special: always do the remount if
MS_RDONLY is present. Unfortunately it doesn't seem to show up in
sb.f_flag, so we can't use the same path as everything else.

This only inadvertently worked before because of a bug fixed in
f75917858023 ("conf: don't accidently double-mount").

Signed-off-by: Tycho Andersen <tycho at tycho.ws>
---
 src/lxc/conf.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 2de772511e..0c36737c61 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1847,15 +1847,14 @@ static int mount_entry(const char *fsname, const char *target,
 	}
 
 	if ((mountflags & MS_REMOUNT) || (mountflags & MS_BIND)) {
-		unsigned long required_flags = 0;
 
 		DEBUG("Remounting \"%s\" on \"%s\" to respect bind or remount options",
 		      srcpath ? srcpath : "(none)", target ? target : "(none)");
 
-		if (mountflags & MS_RDONLY)
-			required_flags |= MS_RDONLY;
 #ifdef HAVE_STATVFS
 		if (srcpath && statvfs(srcpath, &sb) == 0) {
+			unsigned long required_flags = 0;
+
 			if (sb.f_flag & MS_NOSUID)
 				required_flags |= MS_NOSUID;
 
@@ -1875,7 +1874,8 @@ static int mount_entry(const char *fsname, const char *target,
 			 * does not have any flags which are not already in
 			 * mountflags, then skip the remount.
 			 */
-			if (!(mountflags & MS_REMOUNT) && !(required_flags & ~mountflags)) {
+			if (!(mountflags & MS_REMOUNT) &&
+			    (!(required_flags & ~mountflags) && !(mountflags & MS_RDONLY))) {
 				DEBUG("Mountflags already were %lu, skipping remount", mountflags);
 				goto skipremount;
 			}

More information about the lxc-devel mailing list