[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] Ensure root filesystem is recursively mounted readonly



On 09/09/2013 09:30 AM, Daniel P. Berrange wrote:
> From: "Daniel P. Berrange" <berrange redhat com>
> 
> If the guest is configured with
> 
>     <filesystem type='mount'>
>       <source dir='/'/>
>       <target dir='/'/>
>       <readonly/>
>     </filesystem>
> 
> Then any submounts under / should also end up readonly. eg if
> the user has /home on a separate volume, they'd expect /home
> to be readonly.
> 
> Users can selectively make sub-mounts read-write again by
> simply listing them as new mounts without the <readonly>
> flag set
> 
>     <filesystem type='mount'>
>       <source dir='/home'/>
>       <target dir='/home'/>
>     </filesystem>
> 
> Signed-off-by: Daniel P. Berrange <berrange redhat com>
> ---
>  src/lxc/lxc_container.c | 75 +++++++++++++++++++++++++++++++++++++++++++++++--
>  1 file changed, 73 insertions(+), 2 deletions(-)
> 

ACK.

> +    while (getmntent_r(procmnt, &mntent, mntbuf, sizeof(mntbuf)) != NULL) {
> +        if (STREQ(mntent.mnt_dir, "/") ||
> +            STRPREFIX(mntent.mnt_dir, "/.oldroot"))

Is this safe, or do you want to check against /.oldroot/ to ensure that
you filter out something like /.oldroot-fake?

> +            continue;
> +
> +        if (VIR_REALLOC_N(mounts, nmounts+1) < 0)

space around +; also, would VIR_EXPAND work nicer than VIR_REALLOC_N?

> +
> +    for (i = 0 ; i < nmounts ; i++) {

Looks unusual to have space before ';' inside the 'for' setup; is there
a syntax check to enforce a consistent style?

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]