[Lxc-users] [PATCH 7/9] templates: use relative paths when creating containers

Serge Hallyn serge at hallyn.com
Thu Apr 26 05:09:39 UTC 2012


From: Serge Hallyn <serge.hallyn at ubuntu.com>

At the same time, allow lxc.mount.entry to specify an absolute target
path prefixed with /var/lib/lxc/CN/rootfs, even if rootfs is a blockdev.
Otherwise all such entries are ignored for blockdev-backed containers.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
---
 src/lxc/conf.c                |   48 +++++++++++++++++++++++++++++++----------
 templates/lxc-debian.in       |    4 ++--
 templates/lxc-fedora.in       |    6 +++---
 templates/lxc-lenny.in        |    4 ++--
 templates/lxc-opensuse.in     |    4 ++--
 templates/lxc-sshd.in         |   16 +++++++-------
 templates/lxc-ubuntu-cloud.in |    4 ++--
 templates/lxc-ubuntu.in       |    4 ++--
 8 files changed, 58 insertions(+), 32 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index b0ce92b..87f7adc 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1146,27 +1146,50 @@ static inline int mount_entry_on_systemfs(struct mntent *mntent)
 }
 
 static int mount_entry_on_absolute_rootfs(struct mntent *mntent,
-					  const struct lxc_rootfs *rootfs)
+					  const struct lxc_rootfs *rootfs,
+					  const char *lxc_name)
 {
 	char *aux;
 	char path[MAXPATHLEN];
 	unsigned long mntflags;
 	char *mntdata;
-	int ret = 0;
+	int r, ret = 0, offset;
 
 	if (parse_mntopts(mntent->mnt_opts, &mntflags, &mntdata) < 0) {
 		ERROR("failed to parse mount option '%s'", mntent->mnt_opts);
 		return -1;
 	}
 
+	/* if rootfs->path is a blockdev path, allow container fstab to
+	 * use /var/lib/lxc/CN/rootfs as the target prefix */
+	r = snprintf(path, MAXPATHLEN, "/var/lib/lxc/%s/rootfs", lxc_name);
+	if (r < 0 || r >= MAXPATHLEN)
+		goto skipvarlib;
+
+	aux = strstr(mntent->mnt_dir, path);
+	if (aux) {
+		offset = strlen(path);
+		goto skipabs;
+	}
+
+skipvarlib:
 	aux = strstr(mntent->mnt_dir, rootfs->path);
 	if (!aux) {
 		WARN("ignoring mount point '%s'", mntent->mnt_dir);
 		goto out;
 	}
+	offset = strlen(rootfs->path);
+
+skipabs:
 
 	snprintf(path, MAXPATHLEN, "%s/%s", rootfs->mount,
-		 aux + strlen(rootfs->path));
+		 aux + offset);
+	if (r < 0 || r >= MAXPATHLEN) {
+		WARN("pathnme too long for '%s'", mntent->mnt_dir);
+		ret = -1;
+		goto out;
+	}
+
 
 	ret = mount_entry(mntent->mnt_fsname, path, mntent->mnt_type,
 			  mntflags, mntdata);
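Review bot: The length check after `skipabs:` tests a stale `r`, because the second `snprintf` that builds the final mount target never assigns its return value. A truncated target therefore reaches `mount_entry()` undetected, and if the first `snprintf` jumped to `skipvarlib` the out-of-range `r` makes every such entry fail. Assign the result, `r = snprintf(path, MAXPATHLEN, "%s/%s", rootfs->mount, aux + offset);`, so the check guards the path that is actually mounted. The new `strstr()` call, like the existing one, also accepts the prefix anywhere inside `mnt_dir` rather than only at its start, so a target such as `/x/var/lib/lxc/CN/rootfs/y` is rewritten; comparing with `strncmp()` over the prefix length would limit this to real prefixes. The WARN text has a typo (`pathnme`), and the function body continues past the end of this hunk.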
@@ -1200,7 +1223,8 @@ static int mount_entry_on_relative_rootfs(struct mntent *mntent,
 	return ret;
 }
 
-static int mount_file_entries(const struct lxc_rootfs *rootfs, FILE *file)
+static int mount_file_entries(const struct lxc_rootfs *rootfs, FILE *file,
+	const char *lxc_name)
 {
 	struct mntent *mntent;
 	int ret = -1;
@@ -1221,7 +1245,7 @@ static int mount_file_entries(const struct lxc_rootfs *rootfs, FILE *file)
 			continue;
 		}
 
-		if (mount_entry_on_absolute_rootfs(mntent, rootfs))
+		if (mount_entry_on_absolute_rootfs(mntent, rootfs, lxc_name))
 			goto out;
 	}
 
@@ -1232,7 +1256,8 @@ out:
 	return ret;
 }
 
-static int setup_mount(const struct lxc_rootfs *rootfs, const char *fstab)
+static int setup_mount(const struct lxc_rootfs *rootfs, const char *fstab,
+	const char *lxc_name)
 {
 	FILE *file;
 	int ret;
@@ -1246,13 +1271,14 @@ static int setup_mount(const struct lxc_rootfs *rootfs, const char *fstab)
 		return -1;
 	}
 
-	ret = mount_file_entries(rootfs, file);
+	ret = mount_file_entries(rootfs, file, lxc_name);
 
 	endmntent(file);
 	return ret;
 }
 
-static int setup_mount_entries(const struct lxc_rootfs *rootfs, struct lxc_list *mount)
+static int setup_mount_entries(const struct lxc_rootfs *rootfs, struct lxc_list *mount,
+	const char *lxc_name)
 {
 	FILE *file;
 	struct lxc_list *iterator;
@@ -1272,7 +1298,7 @@ static int setup_mount_entries(const struct lxc_rootfs *rootfs, struct lxc_list
 
 	rewind(file);
 
-	ret = mount_file_entries(rootfs, file);
+	ret = mount_file_entries(rootfs, file, lxc_name);
 
 	fclose(file);
 	return ret;
@@ -2051,12 +2077,12 @@ int lxc_setup(const char *name, struct lxc_conf *lxc_conf)
 		return -1;
 	}
 
-	if (setup_mount(&lxc_conf->rootfs, lxc_conf->fstab)) {
+	if (setup_mount(&lxc_conf->rootfs, lxc_conf->fstab, name)) {
 		ERROR("failed to setup the mounts for '%s'", name);
 		return -1;
 	}
 
-	if (setup_mount_entries(&lxc_conf->rootfs, &lxc_conf->mount_list)) {
+	if (setup_mount_entries(&lxc_conf->rootfs, &lxc_conf->mount_list, name)) {
 		ERROR("failed to setup the mount entries for '%s'", name);
 		return -1;
 	}
diff --git a/templates/lxc-debian.in b/templates/lxc-debian.in
index b97bbac..34d9593 100644
--- a/templates/lxc-debian.in
+++ b/templates/lxc-debian.in
@@ -212,8 +212,8 @@ lxc.cgroup.devices.allow = c 5:2 rwm
 lxc.cgroup.devices.allow = c 254:0 rwm
 
 # mounts point
-lxc.mount.entry=proc $rootfs/proc proc nodev,noexec,nosuid 0 0
-lxc.mount.entry=sysfs $rootfs/sys sysfs defaults  0 0
+lxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0
+lxc.mount.entry=sysfs sys sysfs defaults  0 0
 EOF
 
     if [ $? -ne 0 ]; then
diff --git a/templates/lxc-fedora.in b/templates/lxc-fedora.in
index 3f50895..3aa2d73 100644
--- a/templates/lxc-fedora.in
+++ b/templates/lxc-fedora.in
@@ -263,9 +263,9 @@ lxc.cgroup.devices.allow = c 254:0 rwm
 EOF
 
     cat <<EOF > $config_path/fstab
-proc            $rootfs_path/proc         proc    nodev,noexec,nosuid 0 0
-devpts          $rootfs_path/dev/pts      devpts defaults 0 0
-sysfs           $rootfs_path/sys          sysfs defaults  0 0
+proc            proc         proc    nodev,noexec,nosuid 0 0
+devpts          dev/pts      devpts defaults 0 0
+sysfs           sys          sysfs defaults  0 0
 EOF
     if [ $? -ne 0 ]; then
 	echo "Failed to add configuration"
diff --git a/templates/lxc-lenny.in b/templates/lxc-lenny.in
index 3720dce..910c185 100644
--- a/templates/lxc-lenny.in
+++ b/templates/lxc-lenny.in
@@ -200,8 +200,8 @@ lxc.cgroup.devices.allow = c 5:2 rwm
 lxc.cgroup.devices.allow = c 254:0 rwm
 
 # mounts point
-lxc.mount.entry=proc $rootfs/proc proc nodev,noexec,nosuid 0 0
-lxc.mount.entry=sysfs $rootfs/sys sysfs defaults  0 0
+lxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0
+lxc.mount.entry=sysfs sys sysfs defaults  0 0
 EOF
 
     if [ $? -ne 0 ]; then
diff --git a/templates/lxc-opensuse.in b/templates/lxc-opensuse.in
index 120b2c7..3d2e001 100644
--- a/templates/lxc-opensuse.in
+++ b/templates/lxc-opensuse.in
@@ -281,8 +281,8 @@ lxc.cgroup.devices.allow = c 254:0 rwm
 EOF
 
     cat <<EOF > $path/fstab
-proc            $rootfs/proc         proc	nodev,noexec,nosuid 0 0
-sysfs           $rootfs/sys          sysfs	defaults  0 0
+proc            proc         proc	nodev,noexec,nosuid 0 0
+sysfs           sys          sysfs	defaults  0 0
 EOF
 
     if [ $? -ne 0 ]; then
diff --git a/templates/lxc-sshd.in b/templates/lxc-sshd.in
index 749d08a..f0da30f 100644
--- a/templates/lxc-sshd.in
+++ b/templates/lxc-sshd.in
@@ -111,13 +111,13 @@ cat <<EOF >> $path/config
 lxc.utsname = $name
 lxc.pts = 1024
 lxc.rootfs = $rootfs
-lxc.mount.entry=/dev $rootfs/dev none ro,bind 0 0
-lxc.mount.entry=/lib $rootfs/lib none ro,bind 0 0
-lxc.mount.entry=/bin $rootfs/bin none ro,bind 0 0
-lxc.mount.entry=/usr /$rootfs/usr none ro,bind 0 0
-lxc.mount.entry=/sbin $rootfs/sbin none ro,bind 0 0
-lxc.mount.entry=tmpfs $rootfs/var/run/sshd tmpfs mode=0644 0 0
-lxc.mount.entry=@LXCTEMPLATEDIR@/lxc-sshd $rootfs/sbin/init none bind 0 0
+lxc.mount.entry=/dev dev none ro,bind 0 0
+lxc.mount.entry=/lib lib none ro,bind 0 0
+lxc.mount.entry=/bin bin none ro,bind 0 0
+lxc.mount.entry=/usr usr none ro,bind 0 0
+lxc.mount.entry=/sbin sbin none ro,bind 0 0
+lxc.mount.entry=tmpfs var/run/sshd tmpfs mode=0644 0 0
+lxc.mount.entry=@LXCTEMPLATEDIR@/lxc-sshd sbin/init none bind 0 0
 lxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0
 EOF
 
@@ -126,7 +126,7 @@ grep -q "^lxc.network.ipv4" $path/config || touch $rootfs/run-dhcp
 
 if [ "$(uname -m)" = "x86_64" ]; then
     cat <<EOF >> $path/config
-lxc.mount.entry=/lib64 $rootfs/lib64 none ro,bind 0 0
+lxc.mount.entry=/lib64 lib64 none ro,bind 0 0
 EOF
 fi
 }
diff --git a/templates/lxc-ubuntu-cloud.in b/templates/lxc-ubuntu-cloud.in
index 493c10a..cba30c1 100644
--- a/templates/lxc-ubuntu-cloud.in
+++ b/templates/lxc-ubuntu-cloud.in
@@ -88,8 +88,8 @@ lxc.cgroup.devices.allow = c 10:232 rwm
 EOF
 
     cat <<EOF > $path/fstab
-proc            $rootfs/proc         proc    nodev,noexec,nosuid 0 0
-sysfs           $rootfs/sys          sysfs defaults  0 0
+proc            proc         proc    nodev,noexec,nosuid 0 0
+sysfs           sys          sysfs defaults  0 0
 EOF
 
     # rmdir /dev/shm in precise containers.
diff --git a/templates/lxc-ubuntu.in b/templates/lxc-ubuntu.in
index 0c422ea..de4f426 100644
--- a/templates/lxc-ubuntu.in
+++ b/templates/lxc-ubuntu.in
@@ -366,8 +366,8 @@ lxc.cgroup.devices.allow = c 10:232 rwm
 EOF
 
     cat <<EOF > $path/fstab
-proc            $rootfs/proc         proc    nodev,noexec,nosuid 0 0
-sysfs           $rootfs/sys          sysfs defaults  0 0
+proc            proc         proc    nodev,noexec,nosuid 0 0
+sysfs           sys          sysfs defaults  0 0
 EOF
 
     if [ $? -ne 0 ]; then
-- 
1.7.9.5




