From 1f0a3b6e48bf84a1405affeb52b8cdb4b19fcfce Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Tue, 6 Apr 2021 10:30:38 +0200
Subject: [PATCH] conf: fix setups where /dev is outside of LXC's control

Fixes: #3770
Suggested-by: Ruben Jenster <r.jenster@drachenfels.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
 src/lxc/conf.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 37bf28d342..11c177b865 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -3457,12 +3457,6 @@ int lxc_setup(struct lxc_handler *handler)
 			return log_error(-1, "Failed to mount \"/dev\"");
 	}
 
-	lxc_conf->rootfs.dfd_dev = open_at(lxc_conf->rootfs.dfd_mnt, "dev",
-					        PROTECT_OPATH_DIRECTORY,
-						PROTECT_LOOKUP_BENEATH_XDEV, 0);
-	if (lxc_conf->rootfs.dfd_dev < 0 && errno != ENOENT)
-		return log_error_errno(-errno, errno, "Failed to open \"/dev\"");
-
 	/* Do automatic mounts (mainly /proc and /sys), but exclude those that
 	 * need to wait until other stuff has finished.
 	 */
@@ -3481,6 +3475,11 @@ int lxc_setup(struct lxc_handler *handler)
 			return log_error(-1, "Failed to setup mount entries");
 	}
 
+	lxc_conf->rootfs.dfd_dev = open_at(lxc_conf->rootfs.dfd_mnt, "dev",
+					   PROTECT_OPATH_DIRECTORY, PROTECT_LOOKUP_BENEATH_XDEV, 0);
+	if (lxc_conf->rootfs.dfd_dev < 0 && errno != ENOENT)
+		return log_error_errno(-errno, errno, "Failed to open \"/dev\"");
+
 	if (lxc_conf->is_execute) {
 		if (execveat_supported()) {
 			int fd;