lxcContainerMountCGroups also mounts a tmpfs that needs to be labeled.

This patch passes down the sec_mount_options to the
lxcContainerMountCGroups function and then mounts the tmpfs with
the correct label.

diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index 92a3bf9edfbe6e4d1acae5b9e1059c67438132e9..6fdf3593c45196d1c613be2bd008a6eed1dbe91b 100644 (file)
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -1341,9 +1341,11 @@ cleanup:
 
 
 static int lxcContainerMountCGroups(struct lxcContainerCGroup *mounts,
-                                    size_t nmounts)
+                                    size_t nmounts,
+                                    char * sec_mount_options)
 {
     size_t i;
+    char *opts = NULL;
 
     VIR_DEBUG("Mounting cgroups at '%s'", VIR_CGROUP_SYSFS_MOUNT);
 
@@ -1354,12 +1356,20 @@ static int lxcContainerMountCGroups(struct lxcContainerCGroup *mounts,
         return -1;
     }
 
-    if (mount("tmpfs", VIR_CGROUP_SYSFS_MOUNT, "tmpfs", MS_NOSUID|MS_NODEV|MS_NOEXEC, "mode=755") < 0) {
+    if (virAsprintf(&opts,
+                    "mode=755,size=65536%s",(sec_mount_options ? sec_mount_options : "")) < 0 ) {
+        virReportOOMError();
+        return -1;
+    }
+
+    if (mount("tmpfs", VIR_CGROUP_SYSFS_MOUNT, "tmpfs", MS_NOSUID|MS_NODEV|MS_NOEXEC, opts) < 0) {
+        VIR_FREE(opts);
         virReportSystemError(errno,
                              _("Failed to mount %s on %s type %s"),
                              "tmpfs", VIR_CGROUP_SYSFS_MOUNT, "tmpfs");
         return -1;
     }
+    VIR_FREE(opts);
 
     for (i = 0 ; i < nmounts ; i++) {
         if (mounts[i].linkDest) {
@@ -1433,7 +1443,7 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef,
 
     /* Now we can re-mount the cgroups controllers in the
      * same configuration as before */
-    if (lxcContainerMountCGroups(mounts, nmounts) < 0)
+    if (lxcContainerMountCGroups(mounts, nmounts, sec_mount_options) < 0)
         goto cleanup;
 
     /* Mounts /dev/pts */
@@ -1512,7 +1522,7 @@ static int lxcContainerSetupExtraMounts(virDomainDefPtr vmDef,
 
     /* Now we can re-mount the cgroups controllers in the
      * same configuration as before */
-    if (lxcContainerMountCGroups(mounts, nmounts) < 0)
+    if (lxcContainerMountCGroups(mounts, nmounts, sec_mount_options) < 0)
         goto cleanup;
 
     VIR_DEBUG("Mounting completed");