git.proxmox.com Git - pve-container.git/commit

author	Wolfgang Bumiller <w.bumiller@proxmox.com>
	Mon, 7 Sep 2015 11:40:57 +0000 (13:40 +0200)
committer	Dietmar Maurer <dietmar@proxmox.com>
	Mon, 7 Sep 2015 14:47:05 +0000 (16:47 +0200)
commit	da6298481ea4dfe7d894f42fa105cda015ebe5ce
tree	413153b03dad66d075f5cc7f3b283964f3c7a6cd	tree
parent	1d1c1b4ffd47a5247e3eeab100192e38b28c05ad	commit \| diff

get rid of most of the loop-devices code

-) loop devices are now attached in mountpoint_mount, and
immediately detached in order to set the auto-clear flag

Keeping track of loop-devices is otherweise next to
impossible and a security concern.
We mount the filesystems for the container. We do not
support full loop device access for containers for a simple
reason: once a container detached a loop device, the
startup of another container might reuse it, exposing its
devices to the first container, generating unwatned cross
container access permissions.

Loop devices are also set to auto-clear, so that we do not
need to worry about detaching them when stopping the
container.

src/PVE/LXC.pm		diff \| blob \| blame \| history
src/PVE/LXC/Create.pm		diff \| blob \| blame \| history
src/PVE/VZDump/LXC.pm		diff \| blob \| blame \| history
src/lxc-pve-mount-hook		diff \| blob \| blame \| history
src/lxc-pve-prestart-hook		diff \| blob \| blame \| history