Set all mounts to MS_SLAVE when starting a container without a rootfs

If the filesystem mounts on the host have the MS_SHARED or MS_SLAVE
flag set, and a container without a rootfs is started, then any new
mounts created inside the container are currently propagated into
the host. In addition to mounts placed in the configuration file of
the container or performed manually after startup, the automatic
mounting of /proc by lxc-execute will propagate back into the host,
effectively crippling the entire system. This can be prevented by
setting the MS_SLAVE flag on all mounts (inside the container's own
mount namespace) during startup if a rootfs is not configured.

Signed-off-by: David Ward <david.ward@ll.mit.edu>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 965a0d2eaf09d59858deaa85046b9de8324a2fa8..6b3f318132ad996d9c31c4c4a39d3cab9386f6bb 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1129,8 +1129,13 @@ static int setup_rootfs(struct lxc_conf *conf)
 {
        const struct lxc_rootfs *rootfs = &conf->rootfs;
 
-       if (!rootfs->path)
+       if (!rootfs->path) {
+               if (mount("", "/", NULL, MS_SLAVE|MS_REC, 0)) {
+                       SYSERROR("Failed to make / rslave");
+                       return -1;
+               }
                return 0;
+       }
 
        if (access(rootfs->mount, F_OK)) {
                SYSERROR("failed to access to '%s', check it is present",