[libvirt] [PATCH] LXC: mount a fresh /run directory for container

Daniel P. Berrange berrange at redhat.com
Wed Aug 21 09:31:53 UTC 2013


On Wed, Aug 21, 2013 at 04:22:29PM +0800, Gao feng wrote:
> The unix socket file /run/systemd/private is used to
> send reboot/shutdown messages. and since this type of
> unix sockets are not per net namespace , they are
> global resources. systemctl in container can use
> this unix socket to send shutdown message to the
> systemd-shutdownd running on host. finally the
> host will be poweroff.
> 
> this problem occurs when container shares the same
> root directory with host.
> 
> this patch umount host's /run directory and mount
> the /run directory of container as tmpfs.
> 
> Signed-off-by: Gao feng <gaofeng at cn.fujitsu.com>
> ---
>  src/lxc/lxc_container.c | 5 +++++
>  1 file changed, 5 insertions(+)

I don't think we should be doing this by default. IMHO this is something
the mgmt app / admin should take care of it they want to have separate
/run.

You may be preventing access to the systemd socket by doing this, but
equally you can be breaking any number of other valid use cases by
hiding the host's /run

Ultimately user namespace should prevent access to the systemd
sockets for people wanting a secure setup without replacing /run


Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|




More information about the libvir-list mailing list