From f8c40ffa39c41c5b3885caa4f3830f0a899ab1d3 Mon Sep 17 00:00:00 2001
From: LiFeng
Date: Wed, 7 Feb 2018 11:39:59 -0500
Subject: [PATCH 1/2] cgfsng: do MS_REMOUNT

Perform MS_REMOUNT on mounts with MS_RDONLY.

Signed-off-by: LiFeng
Signed-off-by: Christian Brauner
---
 src/lxc/cgroups/cgfsng.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index f4bec7f52..cf165a27b 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1947,6 +1947,15 @@ static int do_secondstage_mounts_if_needed(int type, struct hierarchy *h,
 cgpath);
 return -1;
 }
+
+ if (flags & MS_RDONLY) {
+ if (mount(sourcepath, cgpath, "cgroup", MS_REMOUNT | flags | MS_RDONLY, NULL) < 0) {
+ free(sourcepath);
+ SYSERROR("Error remounting %s read-only", cgpath);
+ return -1;
+ }
+ }
+
+ free(sourcepath);
 INFO("Completed second stage cgroup automounts for %s", cgpath);
 return 0;

From 886cac862bfb470aed652e70ea7421259dcbad8c Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Wed, 7 Feb 2018 11:27:57 +0100
Subject: [PATCH 2/2] cgfsng: non-functional changes

Signed-off-by: Christian Brauner
---
 src/lxc/cgroups/cgfsng.c | 48 +++++++++++++++++++++++++---------------
 1 file changed, 30 insertions(+), 18 deletions(-)

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index cf165a27b..a97310ee0 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
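Review bot: In the [PATCH 1/2] hunk, the added remount passes `MS_REMOUNT | flags | MS_RDONLY`, which sets the mount's whole per-mount flag set rather than only adding read-only. If the bind mount at `cgpath` carries `nosuid`, `nodev` or `noexec` (not visible here), this call would drop them, and where those flags are locked, as in an unprivileged user namespace, it can fail with EPERM. Reading the current flags first, for example with `statvfs()`, and OR-ing them into the remount flags would preserve them. Inside this branch `flags` already contains `MS_RDONLY`, so the trailing `| MS_RDONLY` is redundant. When the remount fails the function returns -1 with the writable bind mount still in place; whether the caller unmounts it is outside this hunk.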
@@ -1915,49 +1915,61 @@ static bool cg_mount_needs_subdirs(int type)
 return true;
 }
-/*
- * After $rootfs/sys/fs/container/controller/the/cg/path has been
- * created, remount controller ro if needed and bindmount the
- * cgroupfs onto controll/the/cg/path
+/* After $rootfs/sys/fs/container/controller/the/cg/path has been created,
+ * remount controller ro if needed and bindmount the cgroupfs onto
+ * controll/the/cg/path.
 */
 static int do_secondstage_mounts_if_needed(int type, struct hierarchy *h,
 char *controllerpath, char *cgpath,
 const char *container_cgroup)
 {
+ int ret;
+ char *sourcepath;
+ int flags = MS_BIND;
+
 if (type == LXC_AUTO_CGROUP_RO || type == LXC_AUTO_CGROUP_MIXED) {
- if (mount(controllerpath, controllerpath, "cgroup", MS_BIND, NULL) < 0) {
- SYSERROR("Error bind-mounting %s", controllerpath);
+ ret = mount(controllerpath, controllerpath, "cgroup", MS_BIND, NULL);
+ if (ret < 0) {
+ SYSERROR("Failed to bind mount \"%s\" onto \"%s\"",
+ controllerpath, controllerpath);
 return -1;
 }
- if (mount(controllerpath, controllerpath, "cgroup",
- MS_REMOUNT | MS_BIND | MS_RDONLY, NULL) < 0) {
- SYSERROR("Error remounting %s read-only", controllerpath);
+
+ ret = mount(controllerpath, controllerpath, "cgroup",
+ MS_REMOUNT | MS_BIND | MS_RDONLY, NULL);
+ if (ret < 0) {
+ SYSERROR("Failed to remount \"%s\" ro", controllerpath);
 return -1;
 }
+
 INFO("Remounted %s read-only", controllerpath);
 }
- char *sourcepath = must_make_path(h->mountpoint, h->base_cgroup, container_cgroup, NULL);
- int flags = MS_BIND;
+
+ sourcepath = must_make_path(h->mountpoint, h->base_cgroup,
+ container_cgroup, NULL);
 if (type == LXC_AUTO_CGROUP_RO)
 flags |= MS_RDONLY;
- INFO("Mounting %s onto %s", sourcepath, cgpath);
- if (mount(sourcepath, cgpath, "cgroup", flags, NULL) < 0) {
+
+ ret = mount(sourcepath, cgpath, "cgroup", flags, NULL);
+ if (ret < 0) {
+ SYSERROR("Failed to mount \"%s\" onto \"%s\"", h->controllers[0], cgpath);
 free(sourcepath);
- SYSERROR("Error mounting cgroup %s onto %s", h->controllers[0],
- cgpath);
 return -1;
 }
+ INFO("Mounted \"%s\" onto \"%s\"", h->controllers[0], cgpath);
 if (flags & MS_RDONLY) {
- if (mount(sourcepath, cgpath, "cgroup", MS_REMOUNT | flags | MS_RDONLY, NULL) < 0) {
+ ret = mount(sourcepath, cgpath, "cgroup",
+ MS_REMOUNT | flags | MS_RDONLY, NULL);
+ if (ret < 0) {
+ SYSERROR("Failed to remount \"%s\" ro", cgpath);
 free(sourcepath);
- SYSERROR("Error remounting %s read-only", cgpath);
 return -1;
 }
 }
 free(sourcepath);
- INFO("Completed second stage cgroup automounts for %s", cgpath);
+ INFO("Completed second stage cgroup automounts for \"%s\"", cgpath);
 return 0;
 }
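Review bot: The new `SYSERROR("Failed to mount ...")` and `INFO("Mounted ...")` calls name `h->controllers[0]` as the thing mounted onto `cgpath`, but the `mount()` source is `sourcepath`, and the removed `INFO("Mounting %s onto %s", sourcepath, cgpath)` was the only message that logged it. For a commit described as non-functional this drops the real source path from the log, which is what someone auditing a container's cgroup mounts would need. `SYSERROR("Failed to mount \"%s\" onto \"%s\"", sourcepath, cgpath);` and the matching `INFO` would keep it. The read-only remount of `cgpath` also logs nothing on success, unlike the `INFO("Remounted %s read-only", controllerpath)` for the controller directory.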