proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-15 05:26:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #4003 from brauner/2021-10-19.fixes

Browse Source 
conf: verify that rootfs is stable after setting up mounts
This commit is contained in:
Stéphane Graber 2021-10-19 11:24:26 -04:00 committed by GitHub
commit 2db3d91eea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/lxc/conf.c
View File

@ -1431,6 +1431,23 @@ static int lxc_mount_rootfs(struct lxc_rootfs *rootfs)
return log_trace(0, "Container uses separate rootfs. Opened container's rootfs");
}
static bool lxc_rootfs_overmounted(struct lxc_rootfs *rootfs)
{
__do_close int fd_rootfs = -EBADF;
if (!rootfs->path)
fd_rootfs = open_at(-EBADF, "/", PROTECT_OPATH_DIRECTORY, PROTECT_LOOKUP_ABSOLUTE, 0);
else
fd_rootfs = open_at(-EBADF, rootfs->mount, PROTECT_OPATH_DIRECTORY, PROTECT_LOOKUP_ABSOLUTE_XDEV, 0);
if (fd_rootfs < 0)
return true;
if (!same_file_lax(rootfs->dfd_mnt, fd_rootfs))
return syswarn_ret(true, "Rootfs seems to have changed after setting up mounts");
return false;
}
static int lxc_chroot(const struct lxc_rootfs *rootfs)
{
__do_free char *nroot = NULL;
@ -4363,6 +4380,9 @@ int lxc_setup(struct lxc_handler *handler)
if (ret < 0)
return log_error(-1, "Failed to run mount hooks");
if (lxc_rootfs_overmounted(&lxc_conf->rootfs))
return log_error(-1, "Rootfs overmounted");
if (lxc_conf->autodev > 0) {
ret = run_lxc_hooks(name, "autodev", lxc_conf, NULL);
if (ret < 0)