From e0c8855867b71eb0106a312e84389389cee395d7 Mon Sep 17 00:00:00 2001 From: tanyifeng Date: Tue, 26 Feb 2019 17:21:18 +0800 Subject: [PATCH 062/122] setup sysctls before set read-only path and masked path Signed-off-by: tanyifeng Signed-off-by: LiFeng --- src/lxc/conf.c | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index c2f3cf5..e139dff 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -3039,7 +3039,7 @@ int setup_sysctl_parameters(struct lxc_list *sysctls) ret = lxc_write_to_file(filename, elem->value, strlen(elem->value), false, 0666); if (ret < 0) { - ERROR("Failed to setup sysctl parameters %s to %s", + SYSERROR("Failed to setup sysctl parameters %s to %s", elem->key, elem->value); return -1; } @@ -4201,22 +4201,6 @@ int lxc_setup(struct lxc_handler *handler) if (ret < 0) goto on_error; - //isulad: setup rootfs masked paths - if (!lxc_list_empty(&lxc_conf->rootfs.maskedpaths)) { - if (setup_rootfs_maskedpaths(&lxc_conf->rootfs.maskedpaths)) { - ERROR("failed to setup maskedpaths"); - goto on_error; - } - } - - // isulad: setup rootfs ro paths - if (!lxc_list_empty(&lxc_conf->rootfs.ropaths)) { - if (setup_rootfs_ropaths(&lxc_conf->rootfs.ropaths)) { - ERROR("failed to setup readonlypaths"); - goto on_error; - } - } - /*isulad: set system umask */ umask(lxc_conf->umask); @@ -4238,6 +4222,22 @@ int lxc_setup(struct lxc_handler *handler) } } + // isulad: setup rootfs masked paths + if (!lxc_list_empty(&lxc_conf->rootfs.maskedpaths)) { + if (setup_rootfs_maskedpaths(&lxc_conf->rootfs.maskedpaths)) { + ERROR("failed to setup maskedpaths"); + goto on_error; + } + } + + // isulad: setup rootfs ro paths + if (!lxc_list_empty(&lxc_conf->rootfs.ropaths)) { + if (setup_rootfs_ropaths(&lxc_conf->rootfs.ropaths)) { + ERROR("failed to setup readonlypaths"); + goto on_error; + } + } + if (!lxc_list_empty(&lxc_conf->keepcaps)) { if (!lxc_list_empty(&lxc_conf->caps)) { ERROR("Container requests lxc.cap.drop and " -- 1.8.3.1