LXC: don't unmount mounts for shared root

Also after commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942 vfs: Lock in place mounts from more privileged users, unprivileged user has no rights to umount the mounts that inherited from parent mountns. right now, I have no good idea to fix this problem, we need to do more research. this patch just skip unmounting these mounts for shared root. BTW, I think when libvirt lxc enables user namespace, the configuation that shares root with host is very rara. Signed-off-by: N Gao feng <gaofeng@cn.fujitsu.com>

LXC: don't unmount mounts for shared root
Also after commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942 vfs: Lock in place mounts from more privileged users, unprivileged user has no rights to umount the mounts that inherited from parent mountns. right now, I have no good idea to fix this problem, we need to do more research. this patch just skip unmounting these mounts for shared root. BTW, I think when libvirt lxc enables user namespace, the configuation that shares root with host is very rara. Signed-off-by: N Gao feng <gaofeng@cn.fujitsu.com>
f575fda7 · Gao feng · Daniel P. Berrange · 46f2d16f · f575fda7
隐藏空白更改
内联并排

Showing with 3 addition and 1 deletion

src/lxc/lxc_container.c src/lxc/lxc_container.c +3 -1

未找到文件。
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -1665,7 +1665,9 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef,
    if (lxcContainerPivotRoot(root) < 0)
        goto cleanup;

-    if (STREQ(root->src, "/") &&
+    /* FIXME: we should find a way to unmount these mounts for container
+     * even user namespace is enabled. */
+    if (STREQ(root->src, "/") && (!vmDef->idmap.nuidmap) &&
        lxcContainerUnmountForSharedRoot(stateDir, vmDef->name) < 0)
        goto cleanup;