Commit f2e8fcea by Serge Hallyn Committed by Stéphane Graber

cgfs: make sure we use valid cgroup mountpoints

If lxcfs starts before cgroup-lite, then the first cgroup mountpoints in /proc/self/mountinfo are /run/lxcfs/*. Unprivileged users cannot access these. So privileged containers are ok, and unprivileged containers are ok since they won't cache those to begin with. But unprivileged root-owned containers cache /run/lxcfs/* and then try to use them. So when doing cgroup automounting check whether the mountpoints we have stored are accessible, and if not look for a new one to use.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
parent e2d97531
...@@ -635,6 +635,11 @@ static struct cgroup_hierarchy *lxc_cgroup_find_hierarchy(struct cgroup_meta_dat ...@@ -635,6 +635,11 @@ static struct cgroup_hierarchy *lxc_cgroup_find_hierarchy(struct cgroup_meta_dat
return NULL; return NULL;
} }
static bool mountpoint_is_accessible(struct cgroup_mount_point *mp)
{
return mp && access(mp->mount_point, F_OK) == 0;
}
static struct cgroup_mount_point *lxc_cgroup_find_mount_point(struct cgroup_hierarchy *hierarchy, const char *group, bool should_be_writable) static struct cgroup_mount_point *lxc_cgroup_find_mount_point(struct cgroup_hierarchy *hierarchy, const char *group, bool should_be_writable)
{ {
struct cgroup_mount_point **mps; struct cgroup_mount_point **mps;
...@@ -642,9 +647,9 @@ static struct cgroup_mount_point *lxc_cgroup_find_mount_point(struct cgroup_hier ...@@ -642,9 +647,9 @@ static struct cgroup_mount_point *lxc_cgroup_find_mount_point(struct cgroup_hier
ssize_t quality = -1; ssize_t quality = -1;
/* trivial case */ /* trivial case */
if (hierarchy->rw_absolute_mount_point) if (mountpoint_is_accessible(hierarchy->rw_absolute_mount_point))
return hierarchy->rw_absolute_mount_point; return hierarchy->rw_absolute_mount_point;
if (!should_be_writable && hierarchy->ro_absolute_mount_point) if (!should_be_writable && mountpoint_is_accessible(hierarchy->ro_absolute_mount_point))
return hierarchy->ro_absolute_mount_point; return hierarchy->ro_absolute_mount_point;
for (mps = hierarchy->all_mount_points; mps && *mps; mps++) { for (mps = hierarchy->all_mount_points; mps && *mps; mps++) {
...@@ -654,6 +659,9 @@ static struct cgroup_mount_point *lxc_cgroup_find_mount_point(struct cgroup_hier ...@@ -654,6 +659,9 @@ static struct cgroup_mount_point *lxc_cgroup_find_mount_point(struct cgroup_hier
if (prefix_len == 1 && mp->mount_prefix[0] == '/') if (prefix_len == 1 && mp->mount_prefix[0] == '/')
prefix_len = 0; prefix_len = 0;
if (!mountpoint_is_accessible(mp))
continue;
if (should_be_writable && mp->read_only) if (should_be_writable && mp->read_only)
continue; continue;
...@@ -1392,8 +1400,9 @@ static bool cgroupfs_mount_cgroup(void *hdata, const char *root, int type) ...@@ -1392,8 +1400,9 @@ static bool cgroupfs_mount_cgroup(void *hdata, const char *root, int type)
for (info = base_info; info; info = info->next) { for (info = base_info; info; info = info->next) {
size_t subsystem_count, i; size_t subsystem_count, i;
struct cgroup_mount_point *mp = info->designated_mount_point; struct cgroup_mount_point *mp = info->designated_mount_point;
if (!mp) if (!mountpoint_is_accessible(mp))
mp = lxc_cgroup_find_mount_point(info->hierarchy, info->cgroup_path, true); mp = lxc_cgroup_find_mount_point(info->hierarchy, info->cgroup_path, true);
if (!mp) { if (!mp) {
SYSERROR("could not find original mount point for cgroup hierarchy while trying to mount cgroup filesystem"); SYSERROR("could not find original mount point for cgroup hierarchy while trying to mount cgroup filesystem");
goto out_error; goto out_error;
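Review bot: The new helper `mountpoint_is_accessible()` tests only `F_OK`, so it establishes that the path resolves for the caller, not that the directory can be searched or written. A mount point that exists but is unusable still passes, including when `lxc_cgroup_find_mount_point()` is called with `should_be_writable` set and from the `cgroupfs_mount_cgroup()` call site. If the intent is "usable by this caller", a stricter mode such as `return mp && access(mp->mount_point, X_OK) == 0;` would match it more closely. The helper also deserves a comment along the lines of `/* access() checks against the real uid/gid; the result is advisory because the mount table can change before the path is used */`, so later callers do not treat it as a permission guarantee. Both `lxc_cgroup_find_mount_point()` and `cgroupfs_mount_cgroup()` continue outside the lines shown, so how the returned mount point is consumed could not be checked here.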