[lxc-devel] [lxd/master] lxd/daemon: Detect nodev and improve errors

stgraber on Github lxc-bot at linuxcontainers.org
Tue May 5 03:47:36 UTC 2020 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 370 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20200504/589820e2/attachment.bin>
-------------- next part --------------
From 815e23b4fb13cdaa1b6b6026911aee54cb849bab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Mon, 4 May 2020 23:46:54 -0400
Subject: [PATCH] lxd/daemon: Detect nodev and improve errors
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #7291

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/daemon.go                   | 13 +++++++++++++
 lxd/device/device_utils_unix.go |  4 ++++
 lxd/sys/os.go                   |  1 +
 3 files changed, 18 insertions(+)

diff --git a/lxd/daemon.go b/lxd/daemon.go
index 4f26b29d93..9ea3732bfa 100644
--- a/lxd/daemon.go
+++ b/lxd/daemon.go
@@ -670,6 +670,19 @@ func (d *Daemon) init() error {
 		d.os.LXCFeatures[extension] = liblxc.HasApiExtension(extension)
 	}
 
+	// Validate the devices storage.
+	os.Remove(shared.VarPath("devices", ".test"))
+	devNum := int(unix.Mkdev(0, 0))
+	err = unix.Mknod(shared.VarPath("devices", ".test"), 0600|unix.S_IFCHR, devNum)
+	if err == nil {
+		fd, err := os.Open(shared.VarPath("devices", ".test"))
+		if err != nil && os.IsPermission(err) {
+			logger.Warnf("Unable to access device nodes, LXD likely running on a nodev mount")
+			d.os.Nodev = true
+		}
+		fd.Close()
+	}
+
 	/* Initialize the database */
 	dump, err := initializeDbObject(d)
 	if err != nil {
diff --git a/lxd/device/device_utils_unix.go b/lxd/device/device_utils_unix.go
index 74302669e3..da711e6f01 100644
--- a/lxd/device/device_utils_unix.go
+++ b/lxd/device/device_utils_unix.go
@@ -195,6 +195,10 @@ func UnixDeviceCreate(s *state.State, idmapSet *idmap.IdmapSet, devicesPath stri
 
 	// Create the new entry.
 	if !s.OS.RunningInUserNS {
+		if s.OS.Nodev {
+			return nil, fmt.Errorf("Can't create device as devices path is mounted nodev")
+		}
+
 		devNum := int(unix.Mkdev(d.Major, d.Minor))
 		err := unix.Mknod(devPath, uint32(d.Mode), devNum)
 		if err != nil {
diff --git a/lxd/sys/os.go b/lxd/sys/os.go
index 4c7af7b6c8..8214a3b9ca 100644
--- a/lxd/sys/os.go
+++ b/lxd/sys/os.go
@@ -47,6 +47,7 @@ type OS struct {
 	InotifyWatch    InotifyInfo
 	LxcPath         string // Path to the $LXD_DIR/containers directory
 	MockMode        bool   // If true some APIs will be mocked (for testing)
+	Nodev           bool
 	RunningInUserNS bool
 	UnprivUser      string
 	UnprivUID       int

More information about the lxc-devel mailing list