skip rootfs pinning for unprivileged containers

This is perfectly safe since you cannot unmount the host fs from
a child userns.

Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This commit is contained in:
S.Çağlar Onur 2014-01-16 00:01:28 -05:00 committed by Serge Hallyn
parent e8d07ef205
commit 5e32a9901d

View File

@ -763,11 +763,14 @@ static int lxc_spawn(struct lxc_handler *handler)
/*
* if the rootfs is not a blockdev, prevent the container from
* marking it readonly.
*
* if the container is unprivileged then skip rootfs pinning
*/
handler->pinfd = pin_rootfs(handler->conf->rootfs.path);
if (handler->pinfd == -1)
INFO("failed to pin the container's rootfs");
if (lxc_list_empty(&handler->conf->id_map)) {
handler->pinfd = pin_rootfs(handler->conf->rootfs.path);
if (handler->pinfd == -1)
INFO("failed to pin the container's rootfs");
}
if (preserve_ns(saved_ns_fd, preserve_mask) < 0)
goto out_delete_net;