allow overlay lxc.mount.entry with no rootfs
Allow lxc.mount.entry entries for containers without a rootfs. Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
parent
8d1b71bb81
commit
9769034f65
@ -353,6 +353,7 @@ int aufs_mkdir(const struct mntent *mntent, const struct lxc_rootfs *rootfs,
|
|||||||
const char *lxc_name, const char *lxc_path)
|
const char *lxc_name, const char *lxc_path)
|
||||||
{
|
{
|
||||||
char lxcpath[MAXPATHLEN];
|
char lxcpath[MAXPATHLEN];
|
||||||
|
char *rootfs_path = NULL;
|
||||||
char *rootfsdir = NULL;
|
char *rootfsdir = NULL;
|
||||||
char *scratch = NULL;
|
char *scratch = NULL;
|
||||||
char *tmp = NULL;
|
char *tmp = NULL;
|
||||||
@ -365,11 +366,9 @@ int aufs_mkdir(const struct mntent *mntent, const struct lxc_rootfs *rootfs,
|
|||||||
size_t len = 0;
|
size_t len = 0;
|
||||||
size_t rootfslen = 0;
|
size_t rootfslen = 0;
|
||||||
|
|
||||||
/* Since we use all of these to check whether the user has given us a
|
/* When rootfs == NULL we have a container without a rootfs. */
|
||||||
* sane absolute path to create the directories needed for overlay
|
if (rootfs && rootfs->path)
|
||||||
* lxc.mount.entry entries we consider any of these missing fatal. */
|
rootfs_path = rootfs->path;
|
||||||
if (!rootfs || !rootfs->path || !lxc_name || !lxc_path)
|
|
||||||
goto err;
|
|
||||||
|
|
||||||
opts = lxc_string_split(mntent->mnt_opts, ',');
|
opts = lxc_string_split(mntent->mnt_opts, ',');
|
||||||
if (opts)
|
if (opts)
|
||||||
@ -388,6 +387,7 @@ int aufs_mkdir(const struct mntent *mntent, const struct lxc_rootfs *rootfs,
|
|||||||
if (!upperdir)
|
if (!upperdir)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
|
if (rootfs_path) {
|
||||||
ret = snprintf(lxcpath, MAXPATHLEN, "%s/%s", lxc_path, lxc_name);
|
ret = snprintf(lxcpath, MAXPATHLEN, "%s/%s", lxc_path, lxc_name);
|
||||||
if (ret < 0 || ret >= MAXPATHLEN)
|
if (ret < 0 || ret >= MAXPATHLEN)
|
||||||
goto err;
|
goto err;
|
||||||
@ -395,14 +395,21 @@ int aufs_mkdir(const struct mntent *mntent, const struct lxc_rootfs *rootfs,
|
|||||||
rootfsdir = aufs_get_rootfs(rootfs->path, &rootfslen);
|
rootfsdir = aufs_get_rootfs(rootfs->path, &rootfslen);
|
||||||
if (!rootfsdir)
|
if (!rootfsdir)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
/* We neither allow users to create upperdirs outside the containerdir
|
|
||||||
* nor inside the rootfs. The latter might be debatable. */
|
|
||||||
if ((strncmp(upperdir, lxcpath, strlen(lxcpath)) == 0) && (strncmp(upperdir, rootfsdir, rootfslen) != 0))
|
|
||||||
if (mkdir_p(upperdir, 0755) < 0) {
|
|
||||||
WARN("Failed to create upperdir");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* We neither allow users to create upperdirs and workdirs outside the
|
||||||
|
* containerdir nor inside the rootfs. The latter might be debatable.
|
||||||
|
* When we have a container without a rootfs we skip the checks.
|
||||||
|
*/
|
||||||
|
ret = 0;
|
||||||
|
if (!rootfs_path)
|
||||||
|
ret = mkdir_p(upperdir, 0755);
|
||||||
|
else if ((strncmp(upperdir, lxcpath, strlen(lxcpath)) == 0) && (strncmp(upperdir, rootfsdir, rootfslen) != 0))
|
||||||
|
ret = mkdir_p(upperdir, 0755);
|
||||||
|
if (ret < 0)
|
||||||
|
WARN("Failed to create upperdir");
|
||||||
|
|
||||||
fret = 0;
|
fret = 0;
|
||||||
|
|
||||||
err:
|
err:
|
||||||
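Review bot: The new `if (!rootfs_path) ret = mkdir_p(upperdir, 0755);` branch in aufs_mkdir creates whatever path upperdir holds (apparently taken from the mount entry's options) with no containment check at all, although only the rootfsdir comparison actually needs a rootfs. The container-directory check could stay in force for rootfs-less containers by building `lxcpath` outside `if (rootfs_path)` and testing `strncmp(upperdir, lxcpath, strlen(lxcpath)) == 0 && (!rootfs_path || strncmp(upperdir, rootfsdir, rootfslen) != 0)`; if creating directories outside the container directory is intended, the comment should say so and why. The removed guard also rejected a NULL `lxc_name` or `lxc_path`, which now reach `snprintf(lxcpath, MAXPATHLEN, "%s/%s", lxc_path, lxc_name)` unchecked; `if (!lxc_name || !lxc_path) goto err;` before that call would restore it. Both points apply equally to the upperdir and workdir branches of ovl_mkdir, and the function bodies extend beyond the lines shown.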
|
@ -42,6 +42,9 @@ struct bdev_specs;
|
|||||||
/* defined conf.h */
|
/* defined conf.h */
|
||||||
struct lxc_conf;
|
struct lxc_conf;
|
||||||
|
|
||||||
|
/* defined in conf.h */
|
||||||
|
struct lxc_rootfs;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Functions associated with an aufs bdev struct.
|
* Functions associated with an aufs bdev struct.
|
||||||
*/
|
*/
|
||||||
|
@ -477,6 +477,7 @@ int ovl_mkdir(const struct mntent *mntent, const struct lxc_rootfs *rootfs,
|
|||||||
const char *lxc_name, const char *lxc_path)
|
const char *lxc_name, const char *lxc_path)
|
||||||
{
|
{
|
||||||
char lxcpath[MAXPATHLEN];
|
char lxcpath[MAXPATHLEN];
|
||||||
|
char *rootfs_path = NULL;
|
||||||
char *rootfsdir = NULL;
|
char *rootfsdir = NULL;
|
||||||
char *upperdir = NULL;
|
char *upperdir = NULL;
|
||||||
char *workdir = NULL;
|
char *workdir = NULL;
|
||||||
@ -489,11 +490,9 @@ int ovl_mkdir(const struct mntent *mntent, const struct lxc_rootfs *rootfs,
|
|||||||
size_t len = 0;
|
size_t len = 0;
|
||||||
size_t rootfslen = 0;
|
size_t rootfslen = 0;
|
||||||
|
|
||||||
/* Since we use all of these to check whether the user has given us a
|
/* When rootfs == NULL we have a container without a rootfs. */
|
||||||
* sane absolute path to create the directories needed for overlay
|
if (rootfs && rootfs->path)
|
||||||
* lxc.mount.entry entries we consider any of these missing fatal. */
|
rootfs_path = rootfs->path;
|
||||||
if (!rootfs || !rootfs->path || !lxc_name || !lxc_path)
|
|
||||||
goto err;
|
|
||||||
|
|
||||||
opts = lxc_string_split(mntent->mnt_opts, ',');
|
opts = lxc_string_split(mntent->mnt_opts, ',');
|
||||||
if (opts)
|
if (opts)
|
||||||
@ -508,29 +507,40 @@ int ovl_mkdir(const struct mntent *mntent, const struct lxc_rootfs *rootfs,
|
|||||||
workdir = opts[i] + len;
|
workdir = opts[i] + len;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (rootfs_path) {
|
||||||
ret = snprintf(lxcpath, MAXPATHLEN, "%s/%s", lxc_path, lxc_name);
|
ret = snprintf(lxcpath, MAXPATHLEN, "%s/%s", lxc_path, lxc_name);
|
||||||
if (ret < 0 || ret >= MAXPATHLEN)
|
if (ret < 0 || ret >= MAXPATHLEN)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
rootfsdir = ovl_get_rootfs(rootfs->path, &rootfslen);
|
rootfsdir = ovl_get_rootfs(rootfs_path, &rootfslen);
|
||||||
if (!rootfsdir)
|
if (!rootfsdir)
|
||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
dirlen = strlen(lxcpath);
|
dirlen = strlen(lxcpath);
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* We neither allow users to create upperdirs and workdirs outside the
|
* We neither allow users to create upperdirs and workdirs outside the
|
||||||
* containerdir nor inside the rootfs. The latter might be debatable.
|
* containerdir nor inside the rootfs. The latter might be debatable.
|
||||||
|
* When we have a container without a rootfs we skip the checks.
|
||||||
*/
|
*/
|
||||||
if (upperdir)
|
ret = 0;
|
||||||
if ((strncmp(upperdir, lxcpath, dirlen) == 0) && (strncmp(upperdir, rootfsdir, rootfslen) != 0))
|
if (upperdir) {
|
||||||
if (mkdir_p(upperdir, 0755) < 0) {
|
if (!rootfs_path)
|
||||||
|
ret = mkdir_p(upperdir, 0755);
|
||||||
|
else if ((strncmp(upperdir, lxcpath, dirlen) == 0) && (strncmp(upperdir, rootfsdir, rootfslen) != 0))
|
||||||
|
ret = mkdir_p(upperdir, 0755);
|
||||||
|
if (ret < 0)
|
||||||
WARN("Failed to create upperdir");
|
WARN("Failed to create upperdir");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (workdir)
|
ret = 0;
|
||||||
if ((strncmp(workdir, lxcpath, dirlen) == 0) && (strncmp(workdir, rootfsdir, rootfslen) != 0))
|
if (workdir) {
|
||||||
if (mkdir_p(workdir, 0755) < 0) {
|
if (!rootfs_path)
|
||||||
|
ret = mkdir_p(workdir, 0755);
|
||||||
|
else if ((strncmp(workdir, lxcpath, dirlen) == 0) && (strncmp(workdir, rootfsdir, rootfslen) != 0))
|
||||||
|
ret = mkdir_p(workdir, 0755);
|
||||||
|
if (ret < 0)
|
||||||
WARN("Failed to create workdir");
|
WARN("Failed to create workdir");
|
||||||
}
|
}
|
||||||
|
|
||||||
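Review bot: The containment test kept on the `else if` lines for upperdir and workdir in ovl_mkdir is a plain string-prefix comparison, `strncmp(upperdir, lxcpath, dirlen) == 0`, so it accepts any path that merely begins with the same characters as the container directory, such as a sibling directory whose name extends the container's name. It also takes no account of `..` components or symlinks in the option value. Requiring a separator after the match, for example `&& (upperdir[dirlen] == '/' || upperdir[dirlen] == '\0')`, would close the sibling case; the rest needs the path normalised before it is compared. The same comparison is used in aufs_mkdir. ovl_mkdir starts and ends outside the hunks shown, so whether the option values are normalised earlier cannot be told from here.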
|