F OpenNebula/one#5429: Fix rootfs not being ro

2025-03-29 18:50:08 +03:00 · 2022-02-22 08:23:03 -06:00 · 2022-02-22 08:23:03 -06:00 · fbcae3dadf
commit fbcae3dadf
parent d782f9028a
2 changed files with 23 additions and 8 deletions
--- a/src/vmm_mad/remotes/lib/lxc/container.rb
+++ b/src/vmm_mad/remotes/lib/lxc/container.rb
@ -56,8 +56,11 @@ class Container
        error   = false
        mounted = []

+        lxcrc = @one.lxcrc
+        lxcrc.merge!(:id_map => 0) if @one.privileged?
+
        @one.disks.each do |disk|
-            if disk.mount(@one.lxcrc)
+            if disk.mount(lxcrc)
                mounted << disk
            else
                error = true
--- a/src/vmm_mad/remotes/lib/lxc/opennebula_vm.rb
+++ b/src/vmm_mad/remotes/lib/lxc/opennebula_vm.rb
@ -133,7 +133,7 @@ class LXCVM < OpenNebulaVM
        # User mapping
        # rubocop:disable Layout/LineLength

-        if @xml['/VM/USER_TEMPLATE/LXC_UNPRIVILEGED'].casecmp('NO').zero?
+        if privileged?
            @lxcrc[:id_map] = 0

            lxc['lxc.include'] << "#{@lxcrc[:profiles_location]}/profile_privileged"
@ -182,6 +182,10 @@ class LXCVM < OpenNebulaVM
        adisks
    end

+    def privileged?
+        @xml['/VM/USER_TEMPLATE/LXC_UNPRIVILEGED'].casecmp('NO').zero?
+    end
+
    private

    # Returns the config in LXC style format
@ -323,10 +327,13 @@ class Disk
                "#{@bindpoint} context none ro,rbind,create=dir,optional 0 0" }

        when :rootfs
-            ropt = @lxcrc_mopts[:rootfs]
+            ropt = []
+
+            ropt << 'ro' if @read_only
+            ropt << @lxcrc_mopts[:rootfs]

            root = { 'lxc.rootfs.path' => @bindpoint }
-            root['lxc.rootfs.options'] = ropt unless ropt.nil? || ropt.empty?
+            root['lxc.rootfs.options'] = opt_sanitize(ropt) unless ropt.empty?

            root

@ -336,16 +343,13 @@ class Disk
            opts << 'ro' if @read_only
            opts << @lxcrc_mopts[:disk]

-            opts.delete_if {|o| o.nil? || o.empty? }
-            opt_str = opts.join(',')
-
            path  = @xml['TARGET']

            point = @lxcrc_mopts[:mountpoint].sub('$id', @id.to_s)
            point = path[1..-1] unless path.empty? || path[0] != '/'

            { 'lxc.mount.entry' =>
-                "#{@bindpoint} #{point} none #{opt_str} 0 0" }
+                "#{@bindpoint} #{point} none #{opt_sanitize(opts)} 0 0" }
        else
            raise 'invalid disk type'
        end
@ -397,6 +401,14 @@ class Disk
        @bindpoint = "#{LXCVM::CONTAINER_FS_PATH}/#{@vm_id}/disk.#{@id}"
    end

+    # Returns a , separated list of options. Removes empty or nil elements
+    def opt_sanitize(opts)
+        return unless opts.class == Array
+
+        opts.delete_if {|o| o.nil? || o.empty? }
+        opts.join(',')
+    end
+
    # Returns the associated linux device for the mountpoint
    def find_device
        sys_parts = Storage.lsblk('')