cgfsng: add required remount flags

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9566d6742852c527bf5af38af5cbb878dad75705

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index a97310ee085c0f23b313bab66110128af8793a92..53963d1bbb0a08216296102ceac1dbda6cb98918 100644 (file)
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1923,7 +1923,7 @@ static int do_secondstage_mounts_if_needed(int type, struct hierarchy *h,
                                           char *controllerpath, char *cgpath,
                                           const char *container_cgroup)
 {
-       int ret;
+       int ret, remount_flags;
        char *sourcepath;
        int flags = MS_BIND;
 
@@ -1935,6 +1935,9 @@ static int do_secondstage_mounts_if_needed(int type, struct hierarchy *h,
                        return -1;
                }
 
+               remount_flags = add_required_remount_flags(controllerpath,
+                                                          controllerpath,
+                                                          flags | MS_REMOUNT);
                ret = mount(controllerpath, controllerpath, "cgroup",
                            MS_REMOUNT | MS_BIND | MS_RDONLY, NULL);
                if (ret < 0) {
@@ -1959,13 +1962,15 @@ static int do_secondstage_mounts_if_needed(int type, struct hierarchy *h,
        INFO("Mounted \"%s\" onto \"%s\"", h->controllers[0], cgpath);
 
        if (flags & MS_RDONLY) {
-               ret = mount(sourcepath, cgpath, "cgroup",
-                           MS_REMOUNT | flags | MS_RDONLY, NULL);
+               remount_flags = add_required_remount_flags(sourcepath, cgpath,
+                                                          flags | MS_REMOUNT);
+               ret = mount(sourcepath, cgpath, "cgroup", remount_flags, NULL);
                if (ret < 0) {
                        SYSERROR("Failed to remount \"%s\" ro", cgpath);
                        free(sourcepath);
                        return -1;
                }
+               INFO("Remounted %s read-only", cgpath);
        }
 
        free(sourcepath);
@@ -1973,7 +1978,8 @@ static int do_secondstage_mounts_if_needed(int type, struct hierarchy *h,
        return 0;
 }
 
-static int mount_cgroup_cgns_supported(int type, struct hierarchy *h, const char *controllerpath)
+static int cg_mount_in_cgroup_namespace(int type, struct hierarchy *h,
+                                       const char *controllerpath)
 {
         int ret;
         char *controllers = NULL;
@@ -2066,7 +2072,7 @@ static bool cgfsng_mount(void *hdata, const char *root, int type)
                         * will not have CAP_SYS_ADMIN after it has started we
                         * need to mount the cgroups manually.
                         */
-                       r = mount_cgroup_cgns_supported(type, h, controllerpath);
+                       r = cg_mount_in_cgroup_namespace(type, h, controllerpath);
                        free(controllerpath);
                        if (r < 0)
                                goto bad;

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 9b6868940ed51c04a48b8b88271f02a77562858d..31ac3593b75f8c50c1030c40c04d9dd9dfc8d9f9 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -575,7 +575,7 @@ int pin_rootfs(const char *rootfs)
  * NOEXEC etc are honored.
  */
 unsigned long add_required_remount_flags(const char *s, const char *d,
-               unsigned long flags)
+                                        unsigned long flags)
 {
 #ifdef HAVE_STATVFS
        struct statvfs sb;