always remount / rslave before running creation template (if root)

If we're not root, our mounts in private userns won't get pushed back anyway. If we are root, we need to make sure that anything the template does gets cleaned up. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>
lxc · Nov 1, 2013 · 4de2791 · 4de2791
1 parent 0779c6f
commit 4de2791
Showing 1 changed file with 14 additions and 1 deletion.
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
@@ -24,6 +24,7 @@
 #include <unistd.h>
 #include <sys/types.h>
 #include <sys/wait.h>
+#include <sys/mount.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <sched.h>
@@ -833,11 +834,23 @@ static bool create_run_template(struct lxc_container *c, char *tpath, bool quiet
 			exit(1);
 		}
 
-		if (strcmp(bdev->type, "dir") != 0) {
+		if (geteuid() == 0) {
 			if (unshare(CLONE_NEWNS) < 0) {
 				ERROR("error unsharing mounts");
 				exit(1);
 			}
+			if (detect_shared_rootfs()) {
+				if (mount("", "", NULL, MS_SLAVE|MS_REC, 0)) {
+					SYSERROR("Failed to make / rslave to run template");
+					ERROR("Continuing...");
+				}
+			}
+		}
+		if (strcmp(bdev->type, "dir") != 0) {
+			if (geteuid() != 0) {
+				ERROR("non-root users can only create directory-backed containers");
+				exit(1);
+			}
 			if (bdev->ops->mount(bdev) < 0) {
 				ERROR("Error mounting rootfs");
 				exit(1);