[pve-devel] [PATCH pve-container] Setup: fix bad /dev bindmount

Wolfgang Bumiller w.bumiller at proxmox.com
Mon Nov 2 11:17:24 CET 2015


Hotplug changes will create a Setup instance with a rootdir
of /proc/$pid/root. Bindmounts on directories inside there
are broken.

Also the exitstatus of Setup::protected_call used the wrong
process' $?.
---
 src/PVE/LXC/Setup.pm | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/PVE/LXC/Setup.pm b/src/PVE/LXC/Setup.pm
index abf696d..5ebda97 100644
--- a/src/PVE/LXC/Setup.pm
+++ b/src/PVE/LXC/Setup.pm
@@ -71,12 +71,15 @@ sub protected_call {
     my $child = fork();
     die "fork failed: $!\n" if !defined($child);
 
+    # can't bind to /proc/$pid/root/dev, it'll bind to the host's /dev
+    my $mountdev = ($rootdir !~ m@^/proc@);
+
     if (!$child) {
 	# avoid recursive forks
 	$self->{in_chroot} = 1;
 	$self->{plugin}->{in_chroot} = 1;
 	eval {
-	    PVE::Tools::run_command(['mount', '--bind', '/dev', "$rootdir/dev"]);
+	    PVE::Tools::run_command(['mount', '--bind', '/dev', "$rootdir/dev"]) if $mountdev;
 	    chroot($rootdir) or die "failed to change root to: $rootdir: $!\n";
 	    chdir('/') or die "failed to change to root directory\n";
 	    $sub->();
@@ -88,9 +91,12 @@ sub protected_call {
 	POSIX::_exit(0);
     }
     while (waitpid($child, 0) != $child) {}
-    eval { PVE::Tools::run_command(['umount', "$rootdir/dev"]); };
-    warn $@ if $@;
-    return $? == 0;
+    my $status = $? == 0;
+    if ($mountdev) {
+	eval { PVE::Tools::run_command(['umount', "$rootdir/dev"]); };
+	warn $@ if $@;
+    }
+    return $status;
 }
 
 sub template_fixup {
-- 
2.1.4




More information about the pve-devel mailing list