[meta-virtualization] [PATCH] libvirt: Don't fail when mounting securityfs with containers

Bogdan Purcareata bogdan.purcareata at freescale.com
Mon Sep 30 03:40:02 PDT 2013


When starting containers under libvirt, the code will automatically
try to mount securityfs in the new mount namespace. Since securityfs
support is not available on all embedded platforms, add a runtime check
for its presence in the running kernel. Mount securityfs in libvirt
containers only if that check finds it.

Signed-off-by: Bogdan Purcareata <bogdan.purcareata at freescale.com>
---
 .../Don-t-fail-when-mounting-securityfs.patch      | 101 +++++++++++++++++++++
 recipes-extended/libvirt/libvirt_1.1.2.bb          |   3 +-
 2 files changed, 103 insertions(+), 1 deletion(-)
 create mode 100644 recipes-extended/libvirt/libvirt/Don-t-fail-when-mounting-securityfs.patch

diff --git a/recipes-extended/libvirt/libvirt/Don-t-fail-when-mounting-securityfs.patch b/recipes-extended/libvirt/libvirt/Don-t-fail-when-mounting-securityfs.patch
new file mode 100644
index 0000000..865dcb5
--- /dev/null
+++ b/recipes-extended/libvirt/libvirt/Don-t-fail-when-mounting-securityfs.patch
@@ -0,0 +1,101 @@
+From 258c44b56fca2b4095fc1cf76e2a3baf0ce3f33f Mon Sep 17 00:00:00 2001
+From: Bogdan Purcareata <bogdan.purcareata at freescale.com>
+Date: Wed, 25 Sep 2013 13:19:47 +0300
+Subject: [PATCH] Don't fail when mounting securityfs when it's not supported
+
+Signed-off-by: Bogdan Purcareata <bogdan.purcareata at freescale.com>
+---
+ src/lxc/lxc_container.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 59 insertions(+)
+
+diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
+index 8abaea0..a44c9ef 100644
+--- a/src/lxc/lxc_container.c
++++ b/src/lxc/lxc_container.c
+@@ -509,6 +509,59 @@ static int lxcContainerChildMountSort(const void *a, const void *b)
+ # define MS_SLAVE                (1<<19)
+ #endif
+ 
++/*
++ * This function attempts to detect kernel support
++ * for a specific filesystem type. This is done by
++ * inspecting /proc/filesystems.
++ */
++static int lxcCheckFSSupport(const char *fs_type)
++{
++    FILE *fp = NULL;
++    int ret = -1;
++    const char *fslist = "/proc/filesystems";
++    char *line = NULL;
++    const char *type;
++
++    if(!fs_type)
++	    return 1;
++
++    VIR_DEBUG("Checking kernel support for %s", fs_type);
++
++    VIR_DEBUG("Open  %s", fslist);
++    if (!(fp = fopen(fslist, "r"))) {
++        if (errno == ENOENT)
++
++        virReportSystemError(errno,
++                             _("Unable to read %s"),
++                             fslist);
++        goto cleanup;
++    }
++
++    while (!feof(fp)) {
++        size_t n;
++        VIR_FREE(line);
++        if (getline(&line, &n, fp) <= 0) {
++            if (feof(fp))
++                break;
++
++            goto cleanup;
++        }
++
++        type = strstr(line, fs_type);
++        if (type) {
++            ret = 1;
++	    goto cleanup;
++	}
++    }
++
++    ret = 0;
++
++cleanup:
++    VIR_FREE(line);
++    VIR_FORCE_FCLOSE(fp);
++    return ret;
++}
++
+ static int lxcContainerGetSubtree(const char *prefix,
+                                   char ***mountsret,
+                                   size_t *nmountsret)
+@@ -784,17 +837,23 @@ static int lxcContainerMountBasicFS(void)
+ 
+     for (i = 0; i < ARRAY_CARDINALITY(mnts); i++) {
+         const char *srcpath = NULL;
++	const char *dstpath = NULL;
+ 
+         VIR_DEBUG("Processing %s -> %s",
+                   mnts[i].src, mnts[i].dst);
+ 
+         srcpath = mnts[i].src;
++	dstpath = mnts[i].dst;
+ 
+         /* Skip if mount doesn't exist in source */
+         if ((srcpath[0] == '/') &&
+             (access(srcpath, R_OK) < 0))
+             continue;
+ 
++	if ((access(dstpath, R_OK) < 0) || /* mount is not present on host */
++	    (!lxcCheckFSSupport(mnts[i].type))) /* no fs support in kernel */
++		continue;
++
+ #if WITH_SELINUX
+         if (STREQ(mnts[i].src, SELINUX_MOUNT) &&
+             !is_selinux_enabled())
+-- 
+1.7.11.7
+
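Review bot: In the `lxcContainerMountBasicFS` hunk the added `continue` covers every entry of `mnts`, so any basic mount whose destination fails `access()` is skipped without a log line, and a `-1` error from `lxcCheckFSSupport` passes the `!` test as if the filesystem were supported. The table and the rest of the loop are outside the hunk; if the table also holds read-only or security-related mounts, skipping them silently changes what the container is isolated from, so I would skip only on a probe result of exactly `0`, log the skip with `VIR_DEBUG`, and fail the setup on a negative result. In `lxcCheckFSSupport`, `if (errno == ENOENT)` has no statement of its own and so guards the `virReportSystemError` call, which leaves other open failures returning -1 unreported; dropping that line fixes it. `strstr(line, fs_type)` also matches substrings (`tmpfs` inside `devtmpfs`), so the comparison should cover the whole name field, as in the fence.

```c
    /* … unchanged: fopen and getline loop header … */

        /* each line is "[nodev]\t<name>\n": match the whole name, not a substring */
        type = strrchr(line, '\t');
        type = type ? type + 1 : line;
        if (STREQLEN(type, fs_type, strlen(fs_type)) &&
            (type[strlen(fs_type)] == '\n' ||
             type[strlen(fs_type)] == '\0')) {
            ret = 1;
            goto cleanup;
        }

    /* … unchanged: ret = 0 and cleanup … */
```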
diff --git a/recipes-extended/libvirt/libvirt_1.1.2.bb b/recipes-extended/libvirt/libvirt_1.1.2.bb
index cfb406d..240f3d2 100644
--- a/recipes-extended/libvirt/libvirt_1.1.2.bb
+++ b/recipes-extended/libvirt/libvirt_1.1.2.bb
@@ -25,7 +25,8 @@ RCONFLICTS_${PN}_libvirtd = "connman"
 SRC_URI = "http://libvirt.org/sources/libvirt-${PV}.tar.gz \
            file://tools-add-libvirt-net-rpc-to-virt-host-validate-when.patch \
 	   file://libvirtd.sh \
-	   file://libvirtd.conf"
+	   file://libvirtd.conf \
+	   file://Don-t-fail-when-mounting-securityfs.patch"
 
 SRC_URI[md5sum] = "1835bbfa492099bce12e2934870e5611"
 SRC_URI[sha256sum] = "16648af54d3e162f5cc5445d970ec29a0bd55b1dbcb568a05533c4c2f25965e3"
-- 
1.7.11.7




