[Lxc-users] [PATCH] fix lxc.mount.entry with blockdevs
Serge Hallyn
serge.hallyn at canonical.com
Wed Mar 21 14:30:15 UTC 2012
1. Update templates to use relative paths when creating containers.
2. Allow lxc.mount.entry to specify an absolute target path relative to
/var/lib/lxc/CN/rootfs, even if rootfs is a blockdev. Otherwise all
such entries are ignored for blockdev-backed containers.
Arguably (1) isn't needed given (2), but it does make configs more
readable and easier to copy.
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/960860
Signed-off-by: Serge Hallyn <serge.hallyn at canonical.com>
--
src/lxc/conf.c | 48 ++++++++++++++++++++++++++++++++----------
templates/lxc-debian.in | 6 ++---
templates/lxc-fedora.in | 4 +--
templates/lxc-lenny.in | 4 +--
templates/lxc-opensuse.in | 4 +--
templates/lxc-sshd.in | 18 +++++++--------
templates/lxc-ubuntu-cloud.in | 4 +--
templates/lxc-ubuntu.in | 6 ++---
8 files changed, 60 insertions(+), 34 deletions(-)
Index: lxc-shutdownv2/templates/lxc-debian.in
===================================================================
--- lxc-shutdownv2.orig/templates/lxc-debian.in 2012-03-21 08:19:26.959577521 -0500
+++ lxc-shutdownv2/templates/lxc-debian.in 2012-03-21 08:20:00.827745468 -0500
@@ -258,9 +258,9 @@
#lxc.cgroup.memory.memsw.limit_in_bytes = 1G
## Filesystem
-lxc.mount.entry = proc $rootfs/proc proc nodev,noexec,nosuid 0 0
-lxc.mount.entry = sysfs $rootfs/sys sysfs defaults,ro 0 0
-#lxc.mount.entry = /srv/$name $rootfs/srv/$name none defaults,bind 0 0
+lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0
+lxc.mount.entry = sysfs sys sysfs defaults,ro 0 0
+#lxc.mount.entry = /srv/$name srv/$name none defaults,bind 0 0
EOF
if [ $? -ne 0 ]; then
Index: lxc-shutdownv2/templates/lxc-fedora.in
===================================================================
--- lxc-shutdownv2.orig/templates/lxc-fedora.in 2012-03-21 08:19:26.895577207 -0500
+++ lxc-shutdownv2/templates/lxc-fedora.in 2012-03-21 08:20:00.827745468 -0500
@@ -257,8 +257,8 @@
EOF
cat <<EOF > $config_path/fstab
-proc $rootfs_path/proc proc nodev,noexec,nosuid 0 0
-sysfs $rootfs_path/sys sysfs defaults 0 0
+proc proc proc nodev,noexec,nosuid 0 0
+sysfs sys sysfs defaults 0 0
EOF
if [ $? -ne 0 ]; then
echo "Failed to add configuration"
Index: lxc-shutdownv2/templates/lxc-lenny.in
===================================================================
--- lxc-shutdownv2.orig/templates/lxc-lenny.in 2012-03-21 08:19:26.987577660 -0500
+++ lxc-shutdownv2/templates/lxc-lenny.in 2012-03-21 08:20:00.831745492 -0500
@@ -200,8 +200,8 @@
lxc.cgroup.devices.allow = c 254:0 rwm
# mounts point
-lxc.mount.entry=proc $rootfs/proc proc nodev,noexec,nosuid 0 0
-lxc.mount.entry=sysfs $rootfs/sys sysfs defaults 0 0
+lxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0
+lxc.mount.entry=sysfs sys sysfs defaults 0 0
EOF
if [ $? -ne 0 ]; then
Index: lxc-shutdownv2/templates/lxc-opensuse.in
===================================================================
--- lxc-shutdownv2.orig/templates/lxc-opensuse.in 2012-03-21 08:19:26.867577067 -0500
+++ lxc-shutdownv2/templates/lxc-opensuse.in 2012-03-21 08:20:00.831745492 -0500
@@ -260,8 +260,8 @@
EOF
cat <<EOF > $path/fstab
-proc $rootfs/proc proc nodev,noexec,nosuid 0 0
-sysfs $rootfs/sys sysfs defaults 0 0
+proc proc proc nodev,noexec,nosuid 0 0
+sysfs sys sysfs defaults 0 0
EOF
if [ $? -ne 0 ]; then
Index: lxc-shutdownv2/templates/lxc-sshd.in
===================================================================
--- lxc-shutdownv2.orig/templates/lxc-sshd.in 2012-03-21 08:19:27.055578004 -0500
+++ lxc-shutdownv2/templates/lxc-sshd.in 2012-03-21 08:20:00.851745584 -0500
@@ -113,14 +113,14 @@
lxc.utsname = $name
lxc.pts = 1024
lxc.rootfs = $rootfs
-lxc.mount.entry=/dev $rootfs/dev none ro,bind 0 0
-lxc.mount.entry=/lib $rootfs/lib none ro,bind 0 0
-lxc.mount.entry=/bin $rootfs/bin none ro,bind 0 0
-lxc.mount.entry=/usr /$rootfs/usr none ro,bind 0 0
-lxc.mount.entry=/sbin $rootfs/sbin none ro,bind 0 0
-lxc.mount.entry=tmpfs $rootfs/var/run/sshd tmpfs mode=0644 0 0
-lxc.mount.entry=@LXCTEMPLATEDIR@/lxc-sshd $rootfs/sbin/init none bind 0 0
-lxc.mount.entry=proc $rootfs/proc proc nodev,noexec,nosuid 0 0
+lxc.mount.entry=/dev dev none ro,bind 0 0
+lxc.mount.entry=/lib lib none ro,bind 0 0
+lxc.mount.entry=/bin bin none ro,bind 0 0
+lxc.mount.entry=/usr usr none ro,bind 0 0
+lxc.mount.entry=/sbin sbin none ro,bind 0 0
+lxc.mount.entry=tmpfs var/run/sshd tmpfs mode=0644 0 0
+lxc.mount.entry=@LXCTEMPLATEDIR@/lxc-sshd sbin/init none bind 0 0
+lxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0
EOF
# if no .ipv4 section in config, then have the container run dhcp
@@ -128,7 +128,7 @@
if [ "$(uname -m)" = "x86_64" ]; then
cat <<EOF >> $path/config
-lxc.mount.entry=/lib64 $rootfs/lib64 none ro,bind 0 0
+lxc.mount.entry=/lib64 lib64 none ro,bind 0 0
EOF
fi
}
Index: lxc-shutdownv2/templates/lxc-ubuntu-cloud.in
===================================================================
--- lxc-shutdownv2.orig/templates/lxc-ubuntu-cloud.in 2012-03-21 08:19:26.835576913 -0500
+++ lxc-shutdownv2/templates/lxc-ubuntu-cloud.in 2012-03-21 08:20:00.851745584 -0500
@@ -87,8 +87,8 @@
EOF
cat <<EOF > $path/fstab
-proc $rootfs/proc proc nodev,noexec,nosuid 0 0
-sysfs $rootfs/sys sysfs defaults 0 0
+proc proc proc nodev,noexec,nosuid 0 0
+sysfs sys sysfs defaults 0 0
EOF
return 0
Index: lxc-shutdownv2/templates/lxc-ubuntu.in
===================================================================
--- lxc-shutdownv2.orig/templates/lxc-ubuntu.in 2012-03-21 08:19:27.015577799 -0500
+++ lxc-shutdownv2/templates/lxc-ubuntu.in 2012-03-21 08:20:00.851745584 -0500
@@ -338,8 +338,8 @@
EOF
cat <<EOF > $path/fstab
-proc $rootfs/proc proc nodev,noexec,nosuid 0 0
-sysfs $rootfs/sys sysfs defaults 0 0
+proc proc proc nodev,noexec,nosuid 0 0
+sysfs sys sysfs defaults 0 0
EOF
if [ $? -ne 0 ]; then
@@ -515,7 +515,7 @@
# bind-mount the user's path into the container's /home
h=`getent passwd $user | cut -d: -f 6`
mkdir -p $rootfs/$h
- echo "$h $rootfs/$h none bind 0 0" >> $path/fstab
+ echo "$h $h none bind 0 0" >> $path/fstab
# Make sure the group exists in container
grp=`echo $pwd | cut -d: -f 4` # group number for $user
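Review bot: The rewritten fstab line still uses `$h` as the mount target, and a home directory returned by `getent passwd` is normally an absolute path, so the entry is neither relative nor prefixed with the rootfs path. Going by the `conf.c` part of this patch, an absolute target that matches neither prefix ends in the `ignoring mount point` branch, so the home bind mount would presumably be skipped with only a warning. Stripping the leading slash makes the target relative like the other template entries: `echo "$h ${h#/} none bind 0 0" >> $path/fstab`. The enclosing function starts and ends outside this hunk.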
Index: lxc-shutdownv2/src/lxc/conf.c
===================================================================
--- lxc-shutdownv2.orig/src/lxc/conf.c 2012-03-19 16:04:26.457848571 -0500
+++ lxc-shutdownv2/src/lxc/conf.c 2012-03-21 09:17:52.988962983 -0500
@@ -1135,27 +1135,50 @@
}
static int mount_entry_on_absolute_rootfs(struct mntent *mntent,
- const struct lxc_rootfs *rootfs)
+ const struct lxc_rootfs *rootfs,
+ const char *lxc_name)
{
char *aux;
char path[MAXPATHLEN];
unsigned long mntflags;
char *mntdata;
- int ret = 0;
+ int r, ret = 0, offset;
if (parse_mntopts(mntent->mnt_opts, &mntflags, &mntdata) < 0) {
ERROR("failed to parse mount option '%s'", mntent->mnt_opts);
return -1;
}
+ /* if rootfs->path is a blockdev path, allow container fstab to
+ * use /var/lib/lxc/CN/rootfs as the target prefix */
+ r = snprintf(path, MAXPATHLEN, "/var/lib/lxc/%s/rootfs", lxc_name);
+ if (r < 0 || r >= MAXPATHLEN)
+ goto skipvarlib;
+
+ aux = strstr(mntent->mnt_dir, path);
+ if (aux) {
+ offset = strlen(path);
+ goto skipabs;
+ }
+
+skipvarlib:
aux = strstr(mntent->mnt_dir, rootfs->path);
if (!aux) {
WARN("ignoring mount point '%s'", mntent->mnt_dir);
goto out;
}
+ offset = strlen(rootfs->path);
+
+skipabs:
snprintf(path, MAXPATHLEN, "%s/%s", rootfs->mount,
- aux + strlen(rootfs->path));
+ aux + offset);
+ if (r < 0 || r >= MAXPATHLEN) {
+ WARN("pathnme too long for '%s'", mntent->mnt_dir);
+ ret = -1;
+ goto out;
+ }
+
ret = mount_entry(mntent->mnt_fsname, path, mntent->mnt_type,
mntflags, mntdata);
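Review bot: The second `snprintf()` under `skipabs:` never stores its return value, so the new `if (r < 0 || r >= MAXPATHLEN)` check re-tests the result of the first call. Truncation of the real mount target therefore goes undetected, and an entry whose first `snprintf()` overflowed and jumped to `skipvarlib` is rejected as too long even when the final path fits. Assign the result, `r = snprintf(path, MAXPATHLEN, "%s/%s", rootfs->mount, aux + offset);`, and correct the `pathnme` typo in the warning at the same time. Separately, both `strstr()` calls accept the prefix anywhere in `mnt_dir` and without a `/` boundary after it, so text before the match is silently dropped and a sibling such as `.../rootfs-old` also matches. Because this string becomes a mount target taken from the container's fstab, a `strncmp()` against the start of `mnt_dir` plus a check for `/` or end of string would be tighter. The function's `out:` label and tail lie outside the hunk.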
@@ -1189,7 +1212,8 @@
return ret;
}
-static int mount_file_entries(const struct lxc_rootfs *rootfs, FILE *file)
+static int mount_file_entries(const struct lxc_rootfs *rootfs, FILE *file,
+ const char *lxc_name)
{
struct mntent *mntent;
int ret = -1;
@@ -1210,7 +1234,7 @@
continue;
}
- if (mount_entry_on_absolute_rootfs(mntent, rootfs))
+ if (mount_entry_on_absolute_rootfs(mntent, rootfs, lxc_name))
goto out;
}
@@ -1221,7 +1245,8 @@
return ret;
}
-static int setup_mount(const struct lxc_rootfs *rootfs, const char *fstab)
+static int setup_mount(const struct lxc_rootfs *rootfs, const char *fstab,
+ const char *lxc_name)
{
FILE *file;
int ret;
@@ -1235,13 +1260,14 @@
return -1;
}
- ret = mount_file_entries(rootfs, file);
+ ret = mount_file_entries(rootfs, file, lxc_name);
endmntent(file);
return ret;
}
-static int setup_mount_entries(const struct lxc_rootfs *rootfs, struct lxc_list *mount)
+static int setup_mount_entries(const struct lxc_rootfs *rootfs, struct lxc_list *mount,
+ const char *lxc_name)
{
FILE *file;
struct lxc_list *iterator;
@@ -1261,7 +1287,7 @@
rewind(file);
- ret = mount_file_entries(rootfs, file);
+ ret = mount_file_entries(rootfs, file, lxc_name);
fclose(file);
return ret;
@@ -1871,12 +1897,12 @@
return -1;
}
- if (setup_mount(&lxc_conf->rootfs, lxc_conf->fstab)) {
+ if (setup_mount(&lxc_conf->rootfs, lxc_conf->fstab, name)) {
ERROR("failed to setup the mounts for '%s'", name);
return -1;
}
- if (setup_mount_entries(&lxc_conf->rootfs, &lxc_conf->mount_list)) {
+ if (setup_mount_entries(&lxc_conf->rootfs, &lxc_conf->mount_list, name)) {
ERROR("failed to setup the mount entries for '%s'", name);
return -1;
}