LXC: don't try to mount selinux filesystem when user namespace enabled

Right now we mount selinuxfs even user namespace is enabled and ignore the error. But we shouldn't ignore these errors when user namespace is not enabled. This patch skips mounting selinuxfs when user namespace enabled. Signed-off-by: N Gao feng <gaofeng@cn.fujitsu.com>

LXC: don't try to mount selinux filesystem when user namespace enabled
Right now we mount selinuxfs even user namespace is enabled and ignore the error. But we shouldn't ignore these errors when user namespace is not enabled. This patch skips mounting selinuxfs when user namespace enabled. Signed-off-by: N Gao feng <gaofeng@cn.fujitsu.com>
1c7037cf · Gao feng · Daniel P. Berrange · 53c39f58 · 1c7037cf
隐藏空白更改
内联并排

Showing with 1 addition and 7 deletion

src/lxc/lxc_container.c src/lxc/lxc_container.c +1 -7

未找到文件。
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -868,7 +868,7 @@ static int lxcContainerMountBasicFS(bool userns_enabled)

 #if WITH_SELINUX
        if (STREQ(mnt->src, SELINUX_MOUNT) &&
-            !is_selinux_enabled())
+            (!is_selinux_enabled() || userns_enabled))
            continue;
 #endif

@@ -885,12 +885,6 @@ static int lxcContainerMountBasicFS(bool userns_enabled)
        VIR_DEBUG("Mount %s on %s type=%s flags=%x, opts=%s",
                  srcpath, mnt->dst, mnt->type, mnt->mflags, mnt->opts);
        if (mount(srcpath, mnt->dst, mnt->type, mnt->mflags, mnt->opts) < 0) {
-#if WITH_SELINUX
-            if (STREQ(mnt->src, SELINUX_MOUNT) &&
-                (errno == EINVAL || errno == EPERM))
-                continue;
-#endif
-
            virReportSystemError(errno,
                                 _("Failed to mount %s on %s type %s flags=%x opts=%s"),
                                 srcpath, mnt->dst, NULLSTR(mnt->type),