skip rootfs pinning for unprivileged containers

This is perfectly safe since you cannot unmount the host fs from a child userns. Signed-off-by: S.Çağlar Onur <caglar@10ur.org> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

skip rootfs pinning for unprivileged containers
5e32a990 · S.Çağlar Onur · Serge Hallyn · e8d07ef2 · 5e32a990
Commit 5e32a990 authored Jan 16, 2014 by S.Çağlar Onur Committed by Serge Hallyn Jan 16, 2014
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 4 deletions

start.c src/lxc/start.c +7 -4

No files found.
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -763,11 +763,14 @@ static int lxc_spawn(struct lxc_handler *handler)
 	/*
 	 * if the rootfs is not a blockdev, prevent the container from
 	 * marking it readonly.
+	 *
+	 * if the container is unprivileged then skip rootfs pinning
 	 */
+	if (lxc_list_empty(&handler->conf->id_map)) {
-	handler->pinfd = pin_rootfs(handler->conf->rootfs.path);
+		handler->pinfd = pin_rootfs(handler->conf->rootfs.path);
-	if (handler->pinfd == -1)
+		if (handler->pinfd == -1)
-		INFO("failed to pin the container's rootfs");
+			INFO("failed to pin the container's rootfs");
+	}
 	if (preserve_ns(saved_ns_fd, preserve_mask) < 0)
 		goto out_delete_net;