LXC: don't try to mount selinux filesystem when user namespace enabled

Right now we mount selinuxfs even user namespace is enabled and
ignore the error. But we shouldn't ignore these errors when user
namespace is not enabled.

This patch skips mounting selinuxfs when user namespace enabled.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>

diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index ddc6e3d603b8b4ccf2e7785eea4d3176eae30295..a979452a45d61c33fa5f0ff9e3331ff494ab4cc5 100644 (file)
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -868,7 +868,7 @@ static int lxcContainerMountBasicFS(bool userns_enabled)
 
 #if WITH_SELINUX
         if (STREQ(mnt->src, SELINUX_MOUNT) &&
-            !is_selinux_enabled())
+            (!is_selinux_enabled() || userns_enabled))
             continue;
 #endif
 
@@ -885,12 +885,6 @@ static int lxcContainerMountBasicFS(bool userns_enabled)
         VIR_DEBUG("Mount %s on %s type=%s flags=%x, opts=%s",
                   srcpath, mnt->dst, mnt->type, mnt->mflags, mnt->opts);
         if (mount(srcpath, mnt->dst, mnt->type, mnt->mflags, mnt->opts) < 0) {
-#if WITH_SELINUX
-            if (STREQ(mnt->src, SELINUX_MOUNT) &&
-                (errno == EINVAL || errno == EPERM))
-                continue;
-#endif
-
             virReportSystemError(errno,
                                  _("Failed to mount %s on %s type %s flags=%x opts=%s"),
                                  srcpath, mnt->dst, NULLSTR(mnt->type),