[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] This patch mounts tmpfs on /run iff /run directory exists in libvirt-lxc containers.

Hash: SHA1

We do not want to share /run with containers in order to prevent information
leakage and applications within the containers attempting to communicate with
applications outside of the container.

It uses the same mount options used for /dev.

We also want to bind mount over /var/run directory since this will either be a
 symbolic link to /run but on some installations /run is bind mounted over
/var/run. If we just mount /run we are not guaranteed the /var/run will have
the same content.

Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 88f8a21..4cbe4b9 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -539,6 +519,28 @@ static int lxcContainerMountBasicFS(const char *srcprefix, bool pivotRoot)
                                  "devfs", "/dev", "tmpfs");
             goto cleanup;
+        /* Mount /run with a tmpfs iff it exists. Bind mount /run 
+           over /var/run to make sure they point to the same directory
+        */
+        if ((access("/run", F_OK) == 0)) {
+            VIR_DEBUG("Mount tmpfs on /run type=tmpfs flags=%x, opts=%s",
+                      MS_NOSUID, opts);
+            if (mount("tmpfs", "/run", "tmpfs", MS_NOSUID | MS_NODEV , opts) < 0) {
+                virReportSystemError(errno,
+                                     _("Failed to mount %s on %s type %s"),
+                                     "tmpfs", "/run", "tmpfs");
+                goto cleanup;
+            }
+            VIR_DEBUG("Mount /run on /var/run type=bind");
+            if (mount("/run", "/var/run", "run", MS_BIND , NULL) < 0) {
+                virReportSystemError(errno,
+                                     _("Failed to mount %s on %s"),
+                                     "/run", "/var/run");
+                goto cleanup;
+            }
+        }
     rc = 0;

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]