~serge-hallyn/ubuntu/quantal/lxc/lxc-guest-start-roroot

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
Index: lxc/src/lxc/conf.c
===================================================================
--- lxc.orig/src/lxc/conf.c	2012-09-05 11:29:37.360312431 -0500
+++ lxc/src/lxc/conf.c	2012-09-06 10:24:56.783811342 -0500
@@ -879,33 +879,45 @@
 static int setup_pts(int pts)
 {
 	char target[PATH_MAX];
+	char t1[PATH_MAX], t2[PATH_MAX];
+	int ret;
 
 	if (!pts)
 		return 0;
 
+	ret = snprintf(t1, PATH_MAX, "%s/dev/pts");
+	if (ret < 0)
+		return -1;
+	ret = snprintf(t2, PATH_MAX, "%s/dev/pts/ptmx");
+	if (ret < 0)
+		return -1;
+	ret = snprintf(t3, PATH_MAX, "%s/dev/ptmx");
+	if (ret < 0)
+		return -1;
 	if (!access("/dev/pts/ptmx", F_OK) && umount("/dev/pts")) {
+	if (!access(t2, F_OK) && umount(t1)) {
 		SYSERROR("failed to umount 'dev/pts'");
 		return -1;
 	}
 
-	if (mount("devpts", "/dev/pts", "devpts", MS_MGC_VAL,
+	if (mount("devpts", t1, "devpts", MS_MGC_VAL,
 		  "newinstance,ptmxmode=0666")) {
 		SYSERROR("failed to mount a new instance of '/dev/pts'");
 		return -1;
 	}
 
-	if (access("/dev/ptmx", F_OK)) {
-		if (!symlink("/dev/pts/ptmx", "/dev/ptmx"))
+	if (access(t3, F_OK)) {
+		if (!symlink(t2, t3))
 			goto out;
 		SYSERROR("failed to symlink '/dev/pts/ptmx'->'/dev/ptmx'");
 		return -1;
 	}
 
-	if (realpath("/dev/ptmx", target) && !strcmp(target, "/dev/pts/ptmx"))
+	if (realpath(t3, target) && !strcmp(target, t2))
 		goto out;
 
 	/* fallback here, /dev/pts/ptmx exists just mount bind */
-	if (mount("/dev/pts/ptmx", "/dev/ptmx", "none", MS_BIND, 0)) {
+	if (mount(t2, t3, "none", MS_BIND, 0)) {
 		SYSERROR("mount failed '/dev/pts/ptmx'->'/dev/ptmx'");
 		return -1;
 	}
@@ -2224,13 +2236,22 @@
 		lxc_conf->umount_proc = 1;
 	}
 
-	if (setup_pivot_root(&lxc_conf->rootfs)) {
-		ERROR("failed to set rootfs for '%s'", name);
+	if (setup_pts(lxc_conf->rootfs, lxc_conf->pts)) {
+		ERROR("failed to setup the new pts instance");
 		return -1;
 	}
 
-	if (setup_pts(lxc_conf->pts)) {
-		ERROR("failed to setup the new pts instance");
+	if (lxc_conf->rootfs.ro) {
+		if (mount("/", "/",
+			"none", MS_BIND | MS_REMOUNT | MS_RDONLY, NULL)) {
+			SYSERROR("failed to remount rootfs readonly");
+			return -1;
+		}
+		DEBUG("remounted rootfs readonly");
+	}
+
+	if (setup_pivot_root(&lxc_conf->rootfs)) {
+		ERROR("failed to set rootfs for '%s'", name);
 		return -1;
 	}
 
Index: lxc/src/lxc/conf.h
===================================================================
--- lxc.orig/src/lxc/conf.h	2012-09-05 10:06:17.065918000 -0500
+++ lxc/src/lxc/conf.h	2012-09-05 22:22:53.668805876 -0500
@@ -181,6 +181,7 @@
 	char *path;
 	char *mount;
 	char *pivot;
+	int ro;
 };
 
 /*
Index: lxc/src/lxc/confile.c
===================================================================
--- lxc.orig/src/lxc/confile.c	2012-09-05 10:06:17.065918000 -0500
+++ lxc/src/lxc/confile.c	2012-09-05 23:10:48.863278328 -0500
@@ -54,6 +54,7 @@
 static int config_cgroup(const char *, char *, struct lxc_conf *);
 static int config_mount(const char *, char *, struct lxc_conf *);
 static int config_rootfs(const char *, char *, struct lxc_conf *);
+static int config_rootfs_ro(const char *, char *, struct lxc_conf *);
 static int config_rootfs_mount(const char *, char *, struct lxc_conf *);
 static int config_pivotdir(const char *, char *, struct lxc_conf *);
 static int config_utsname(const char *, char *, struct lxc_conf *);
@@ -90,6 +91,7 @@
 	{ "lxc.cgroup",               config_cgroup               },
 	{ "lxc.mount",                config_mount                },
 	{ "lxc.rootfs.mount",         config_rootfs_mount         },
+	{ "lxc.rootfs.ro",            config_rootfs_ro            },
 	{ "lxc.rootfs",               config_rootfs               },
 	{ "lxc.pivotdir",             config_pivotdir             },
 	{ "lxc.utsname",              config_utsname              },
@@ -1052,6 +1054,13 @@
 	return lxc_config_read(value, lxc_conf);
 }
 
+static int config_rootfs_ro(const char *key, char *value, struct lxc_conf *lxc_conf)
+{
+	DEBUG("round rootfs.ro");
+	lxc_conf->rootfs.ro = 1;
+	return 0;
+}
+
 static int config_rootfs(const char *key, char *value, struct lxc_conf *lxc_conf)
 {
 	if (strlen(value) >= MAXPATHLEN) {