conf: tweak rootfs handling

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: tweak rootfs handling
c119f018 · Christian Brauner · f6c5aab0 · c119f018
Unverified Commit c119f018 authored May 12, 2021 by Christian Brauner
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 23 deletions

conf.c src/lxc/conf.c +20 -23

No files found.
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -543,31 +543,25 @@ int lxc_rootfs_init(struct lxc_conf *conf, bool userns)
 			return syserror_set(-EINVAL, "Idmapped rootfs currently only supports the \"dir\" storage driver");
 	}
-	if (rootfs->path) {
+	if (!rootfs->path)
-		if (rootfs->bdev_type) {
+		return log_trace(0, "Not pinning because container does not have a rootfs");
-			if (strequal(rootfs->bdev_type, "overlay") || strequal(rootfs->bdev_type, "overlayfs"))
-				return log_trace_errno(0, EINVAL, "Not pinning on stacking filesystem");
-			if (strequal(rootfs->bdev_type, "zfs"))
-				return log_trace_errno(0, EINVAL, "Not pinning on ZFS filesystem");
-		}
-		dfd_path = open_at(-EBADF, rootfs->path, PROTECT_OPATH_FILE, 0, 0);
+	if (userns)
-	} else {
+		return log_trace(0, "Not pinning because container runs in user namespace");
-		dfd_path = open_at(-EBADF, "/", PROTECT_OPATH_FILE, PROTECT_LOOKUP_ABSOLUTE, 0);
-	}
-	if (dfd_path < 0)
-		return syserror("Failed to open \"%s\"", rootfs->path);
-	if (!rootfs->path) {
+	if (rootfs->bdev_type) {
-		TRACE("Not pinning because container does not have a rootfs");
+		if (strequal(rootfs->bdev_type, "overlay") ||
-		goto out;
+		    strequal(rootfs->bdev_type, "overlayfs"))
-	}
+			return log_trace_errno(0, EINVAL, "Not pinning on stacking filesystem");
-	if (userns) {
+		if (strequal(rootfs->bdev_type, "zfs"))
-		TRACE("Not pinning because container runs in user namespace");
+			return log_trace_errno(0, EINVAL, "Not pinning on ZFS filesystem");
-		goto out;
 	}
+	dfd_path = open_at(-EBADF, rootfs->path, PROTECT_OPATH_FILE, 0, 0);
+	if (dfd_path < 0)
+		return syserror("Failed to open \"%s\"", rootfs->path);
 	ret = fstat(dfd_path, &st);
 	if (ret < 0)
 		return log_trace_errno(-errno, errno, "Failed to retrieve file status");
@@ -735,6 +729,8 @@ static int lxc_mount_auto_mounts(struct lxc_handler *handler, int flags)
 		ret = mkdirat(rootfs->dfd_mnt, "proc" , S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
 		if (ret < 0 && errno != EEXIST)
 			return syserror("Failed to create procfs mountpoint under %d", rootfs->dfd_mnt);
+		TRACE("Created procfs mountpoint under %d", rootfs->dfd_mnt);
 	}
 	if (flags & LXC_AUTO_SYS_MASK) {
@@ -756,6 +752,8 @@ static int lxc_mount_auto_mounts(struct lxc_handler *handler, int flags)
 		ret = mkdirat(rootfs->dfd_mnt, "sys" , S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
 		if (ret < 0 && errno != EEXIST)
 			return syserror("Failed to create sysfs mountpoint under %d", rootfs->dfd_mnt);
+		TRACE("Created sysfs mountpoint under %d", rootfs->dfd_mnt);
 	}
        has_cap_net_admin = lxc_wants_cap(CAP_NET_ADMIN, conf);
@@ -1239,7 +1237,6 @@ static int mount_autodev(const char *name, const struct lxc_rootfs *rootfs,
 		goto reset_umask;
 	}
 	/* If we are running on a devtmpfs mapping, dev/pts may already exist.
 	 * If not, then create it and exit if that fails...
 	 */
@@ -1393,7 +1390,7 @@ static int lxc_mount_rootfs(struct lxc_rootfs *rootfs)
 		if (rootfs->dfd_mnt < 0)
 			return -errno;
-		return 0;
+		return log_trace(0, "Container doesn't use separate rootfs. Opened host's rootfs");
 	}
 	ret = access(rootfs->mount, F_OK);
@@ -1415,7 +1412,7 @@ static int lxc_mount_rootfs(struct lxc_rootfs *rootfs)
 	if (rootfs->dfd_mnt < 0)
 		return -errno;
-	return 0;
+	return log_trace(0, "Container uses separate rootfs. Opened container's rootfs");
 }
 static int lxc_chroot(const struct lxc_rootfs *rootfs)