diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index 9c04d06b66ddca20dd6d62f0d8650cb1377001fa..0ab4ab72dda9f3e0ec52d10b38653ebe91063d51 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -1486,6 +1486,7 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef,
 int ret = -1;
 char *sec_mount_options;
 char *stateDir = NULL;
+ char *tmp = NULL;
 VIR_DEBUG("Setup pivot root");
@@ -1522,6 +1523,26 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef,
 goto cleanup;
 #endif
+ /* These filesystems are created by libvirt temporarily, they
+ * shouldn't appear in container. */
+ if (STREQ(root->src, "/")) {
+ if (virAsprintf(&tmp, "%s/%s.dev", stateDir, vmDef->name) < 0 ||
+ lxcContainerUnmountSubtree(tmp, false) < 0)
+ goto cleanup;
+
+ VIR_FREE(tmp);
+ if (virAsprintf(&tmp, "%s/%s.devpts", stateDir, vmDef->name) < 0 ||
+ lxcContainerUnmountSubtree(tmp, false) < 0)
+ goto cleanup;
+
+#if WITH_FUSE
+ VIR_FREE(tmp);
+ if (virAsprintf(&tmp, "%s/%s.fuse", stateDir, vmDef->name) < 0 ||
+ lxcContainerUnmountSubtree(tmp, false) < 0)
+ goto cleanup;
+#endif
+ }
+
 /* If we have the root source being '/', then we need to
 * get rid of any existing stuff under /proc, /sys & /tmp.
 * We need new namespace aware versions of those. We must
@@ -1571,6 +1592,7 @@ cleanup:
 VIR_FREE(stateDir);
 virCgroupFree(&cgroup);
 VIR_FREE(sec_mount_options);
+ VIR_FREE(tmp);
 return ret;
 }
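Review bot: In the new `STREQ(root->src, "/")` block of lxcContainerSetupPivotRoot, the paths handed to `lxcContainerUnmountSubtree()` end in a name suffix rather than a path separator, so `<stateDir>/<name>.dev` is also a string prefix of `<stateDir>/<name>.devpts` and of any other state-dir entry whose name starts with `<name>.dev`. The helper's matching is not visible in this hunk; if it selects mounts by plain string prefix, the first call unmounts more than the one staging filesystem it names, so it is worth confirming that it compares on path-component boundaries. I would record that assumption next to the calls, e.g. `/* each path is an exact mount point; the helper must not treat "NAME.dev" as a prefix of "NAME.devpts" */`. The existing comment could also say why only a root source of "/" needs this. The function starts and ends outside this hunk.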