Add support for guest bind mounts with LXC

Currently you can configure LXC to bind a host directory to a guest directory, but not to bind a guest directory to a guest directory. While the guest container init could do this itself, allowing it in the libvirt XML means a stricter SELinux policy can be written

Add support for guest bind mounts with LXC
Currently you can configure LXC to bind a host directory to a guest directory, but not to bind a guest directory to a guest directory. While the guest container init could do this itself, allowing it in the libvirt XML means a stricter SELinux policy can be written
3b1ddec1 · Daniel P. Berrange · 76b644c3 · 3b1ddec1 · 3b1ddec1 · 3b1ddec1
5 changed file
--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
@@ -1639,6 +1639,11 @@
          which gives the memory usage limit in kibibytes. Only used
          by LXC driver.
          <span class="since"> (since 0.9.13)</span></dd>
+        <dt><code>type='bind'></code></dt>
+        <dd>
+          A directory inside the guest will be bound to another
+          directory inside the guest. Only used by LXC driver
+          <span class="since"> (since 0.9.13)</span></dd>
        </dl>
      The filesystem block has an optional attribute <code>accessmode</code>

--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
@@ -1277,6 +1277,21 @@
            </optional>
          </interleave>
        </group>
+        <group>
+          <optional>
+            <attribute name="type">
+              <value>bind</value>
+            </attribute>
+          </optional>
+          <interleave>
+            <element name="source">
+              <attribute name="dir">
+                <ref name="absFilePath"/>
+              </attribute>
+              <empty/>
+            </element>
+          </interleave>
+        </group>
        <group>
          <attribute name="type">
            <value>template</value>

--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -265,7 +265,8 @@ VIR_ENUM_IMPL(virDomainFS, VIR_DOMAIN_FS_TYPE_LAST,
              "block",
              "file",
              "template",
-              "ram")
+              "ram",
+              "bind")
 VIR_ENUM_IMPL(virDomainFSDriverType, VIR_DOMAIN_FS_DRIVER_TYPE_LAST,
              "default",
@@ -4264,7 +4265,8 @@ virDomainFSDefParseXML(xmlNodePtr node,
            if (!source &&
                xmlStrEqual(cur->name, BAD_CAST "source")) {
-                if (def->type == VIR_DOMAIN_FS_TYPE_MOUNT)
+                if (def->type == VIR_DOMAIN_FS_TYPE_MOUNT ||
+                    def->type == VIR_DOMAIN_FS_TYPE_BIND)
                    source = virXMLPropString(cur, "dir");
                else if (def->type == VIR_DOMAIN_FS_TYPE_FILE)
                    source = virXMLPropString(cur, "file");
@@ -11353,6 +11355,7 @@ virDomainFSDefFormat(virBufferPtr buf,
    switch (def->type) {
    case VIR_DOMAIN_FS_TYPE_MOUNT:
+    case VIR_DOMAIN_FS_TYPE_BIND:
        virBufferEscapeString(buf, "      <source dir='%s'/>\n",
                              def->src);
        break;

--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -657,11 +657,12 @@ struct _virDomainControllerDef {
 /* Two types of disk backends */
 enum virDomainFSType {
-    VIR_DOMAIN_FS_TYPE_MOUNT,   /* Better named 'bind' */
+    VIR_DOMAIN_FS_TYPE_MOUNT, /* Mounts (binds) a host dir on a guest dir */
-    VIR_DOMAIN_FS_TYPE_BLOCK,
+    VIR_DOMAIN_FS_TYPE_BLOCK, /* Mounts a host block dev on a guest dir */
-    VIR_DOMAIN_FS_TYPE_FILE,
+    VIR_DOMAIN_FS_TYPE_FILE,  /* Loopback mounts a host file on a guest dir */
-    VIR_DOMAIN_FS_TYPE_TEMPLATE,
+    VIR_DOMAIN_FS_TYPE_TEMPLATE, /* Expands a OS template to a guest dir */
-    VIR_DOMAIN_FS_TYPE_RAM,
+    VIR_DOMAIN_FS_TYPE_RAM,   /* Mount a RAM filesystem on a guest dir */
+    VIR_DOMAIN_FS_TYPE_BIND,  /* Binds a guest dir to another guest dir */
    VIR_DOMAIN_FS_TYPE_LAST
 };

--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -1025,7 +1025,14 @@ static int lxcContainerMountFS(virDomainFSDefPtr fs,
        if (lxcContainerMountFSTmpfs(fs) < 0)
            return -1;
        break;
+    case VIR_DOMAIN_FS_TYPE_BIND:
+        if (lxcContainerMountFSBind(fs, "") < 0)
+            return -1;
+        break;
    case VIR_DOMAIN_FS_TYPE_FILE:
+        /* We do actually support this, but the lxc controller
+         * should have associated the file with a loopback
+         * device and changed this to TYPE_BLOCK for us */
        lxcError(VIR_ERR_INTERNAL_ERROR,
                 _("Unexpected filesystem type %s"),
                 virDomainFSTypeToString(fs->type));