conf: verify_start_hooks() after lxc.mount.entry

Fixes: https://discuss.linuxcontainers.org/t/are-lxc-mount-entry-available-when-lxc-hook-start-is-validated/2906/3
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index a45d882918b3909eb5b71b7e4722ea50c26da3e4..710625bb0d66a15fafca98ec4c12545fa15a3248 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -3514,7 +3514,6 @@ static bool verify_start_hooks(struct lxc_conf *conf)
 
        lxc_list_for_each (it, &conf->hooks[LXCHOOK_START]) {
                int ret;
-               struct stat st;
                char *hookname = it->elem;
 
                ret = snprintf(path, PATH_MAX, "%s%s",
@@ -3523,9 +3522,9 @@ static bool verify_start_hooks(struct lxc_conf *conf)
                if (ret < 0 || ret >= PATH_MAX)
                        return false;
 
-               ret = stat(path, &st);
+               ret = access(path, X_OK);
                if (ret < 0) {
-                       SYSERROR("Start hook %s not found in container",
+                       SYSERROR("Start hook \"%s\" not found in container",
                                 hookname);
                        return false;
                }
@@ -3604,10 +3603,6 @@ int lxc_setup(struct lxc_handler *handler)
                return -1;
        }
 
-       /* Make sure any start hooks are in the container */
-       if (!verify_start_hooks(lxc_conf))
-               return -1;
-
        if (lxc_conf->is_execute) {
                if (execveat_supported()) {
                        int fd;
@@ -3675,6 +3670,12 @@ int lxc_setup(struct lxc_handler *handler)
                }
        }
 
+       /* Make sure any start hooks are in the container */
+       if (!verify_start_hooks(lxc_conf)) {
+               ERROR("Failed to verify start hooks");
+               return -1;
+       }
+
        ret = lxc_setup_console(&lxc_conf->rootfs, &lxc_conf->console,
                                lxc_conf->ttys.dir);
        if (ret < 0) {