always remount / rslave before running creation template (if root)

If we're not root, our mounts in private userns won't get pushed back anyway. If we are root, we need to make sure that anything the template does gets cleaned up. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

always remount / rslave before running creation template (if root)
4de2791f · Serge Hallyn · 0779c6f9 · 4de2791f
Commit 4de2791f authored Nov 01, 2013 by Serge Hallyn
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 1 deletion

lxccontainer.c src/lxc/lxccontainer.c +14 -1

No files found.
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -24,6 +24,7 @@
 #include <unistd.h>
 #include <sys/types.h>
 #include <sys/wait.h>
+#include <sys/mount.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <sched.h>
@@ -833,11 +834,23 @@ static bool create_run_template(struct lxc_container *c, char *tpath, bool quiet
 			exit(1);
 		}
-		if (strcmp(bdev->type, "dir") != 0) {
+		if (geteuid() == 0) {
 			if (unshare(CLONE_NEWNS) < 0) {
 				ERROR("error unsharing mounts");
 				exit(1);
 			}
+			if (detect_shared_rootfs()) {
+				if (mount("", "", NULL, MS_SLAVE|MS_REC, 0)) {
+					SYSERROR("Failed to make / rslave to run template");
+					ERROR("Continuing...");
+				}
+			}
+		}
+		if (strcmp(bdev->type, "dir") != 0) {
+			if (geteuid() != 0) {
+				ERROR("non-root users can only create directory-backed containers");
+				exit(1);
+			}
 			if (bdev->ops->mount(bdev) < 0) {
 				ERROR("Error mounting rootfs");
 				exit(1);