skip rootfs pinning for unprivileged containers
This is perfectly safe since you cannot unmount the host fs from a child userns. Signed-off-by: S.Çağlar Onur <caglar@10ur.org> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
parent
e8d07ef205
commit
5e32a9901d
@ -763,11 +763,14 @@ static int lxc_spawn(struct lxc_handler *handler)
|
||||
/*
|
||||
* if the rootfs is not a blockdev, prevent the container from
|
||||
* marking it readonly.
|
||||
*
|
||||
* if the container is unprivileged then skip rootfs pinning
|
||||
*/
|
||||
|
||||
handler->pinfd = pin_rootfs(handler->conf->rootfs.path);
|
||||
if (handler->pinfd == -1)
|
||||
INFO("failed to pin the container's rootfs");
|
||||
if (lxc_list_empty(&handler->conf->id_map)) {
|
||||
handler->pinfd = pin_rootfs(handler->conf->rootfs.path);
|
||||
if (handler->pinfd == -1)
|
||||
INFO("failed to pin the container's rootfs");
|
||||
}
|
||||
|
||||
if (preserve_ns(saved_ns_fd, preserve_mask) < 0)
|
||||
goto out_delete_net;
|
||||
|
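Review bot: On the unprivileged path (non-empty `id_map`) `handler->pinfd` is never assigned in this hunk, so its value depends on how the handler was initialised elsewhere. If that is a zero-fill rather than -1, any later cleanup that tests `handler->pinfd >= 0` (not visible here) would treat 0 as a valid descriptor and close it; adding `handler->pinfd = -1;` just before `if (lxc_list_empty(&handler->conf->id_map)) {` makes the skip explicit. The added comment line would also serve the next reader better if it recorded the reason given in the commit message, e.g. `* if the container is unprivileged (id_map set) it runs in a child userns and cannot unmount the host fs, so skip rootfs pinning`. lxc_spawn's body starts and ends outside the hunk.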