Remove sub-mounts under /dev when starting an LXC container

Since we are mounting a new /dev in the container, we must remove any sub-mounts like /dev/shm, /dev/mqueue, etc, otherwise they'll be recorded in /proc/mounts, but not be accessible to applications.

Remove sub-mounts under /dev when starting an LXC container
Since we are mounting a new /dev in the container, we must remove any sub-mounts like /dev/shm, /dev/mqueue, etc, otherwise they'll be recorded in /proc/mounts, but not be accessible to applications.
5bb83236 · Daniel P. Berrange · 0ac3baee · 5bb83236
隐藏空白更改
内联并排

Showing with 4 addition and 3 deletion

src/lxc/lxc_container.c src/lxc/lxc_container.c +4 -3

未找到文件。
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -1416,10 +1416,11 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef,
    if (lxcContainerPivotRoot(root) < 0)
        goto cleanup;

-    /* Gets rid of any existing stuff under /proc, since we need new
-     * namespace aware versions of those. We must do /proc second
-     * otherwise we won't find /proc/mounts :-) */
+    /* Gets rid of any existing stuff under /proc, /sys & /tmp
+     * We need new namespace aware versions of those. We must
+     * do /proc last otherwise we won't find /proc/mounts :-) */
    if (lxcContainerUnmountSubtree("/sys", false) < 0 ||
+        lxcContainerUnmountSubtree("/dev", false) < 0 ||
        lxcContainerUnmountSubtree("/proc", false) < 0)
        goto cleanup;