Diffstat (limited to 'pkgs/development/libraries/libvirt/securtyfs_userns.patch')
-rw-r--r--pkgs/development/libraries/libvirt/securtyfs_userns.patch30
1 files changed, 30 insertions, 0 deletions
diff --git a/pkgs/development/libraries/libvirt/securtyfs_userns.patch b/pkgs/development/libraries/libvirt/securtyfs_userns.patch
new file mode 100644
index 000000000000..2723334f94af
--- /dev/null
+++ b/pkgs/development/libraries/libvirt/securtyfs_userns.patch
@@ -0,0 +1,30 @@
+--- a/src/lxc/lxc_container.c
++++ b/src/lxc/lxc_container.c
+@@ -750,7 +750,7 @@ err:
+ }
+ 
+ 
+-static int lxcContainerMountBasicFS(void)
++static int lxcContainerMountBasicFS(bool userns_enabled)
+ {
+     const struct {
+         const char *src;
+@@ -801,6 +801,9 @@ static int lxcContainerMountBasicFS(void)
+             continue;
+ #endif
+ 
++        if (STREQ(mnts[i].src, "securityfs") && userns_enabled)
++            continue;
++
+         if (virFileMakePath(mnts[i].dst) < 0) {
+             virReportSystemError(errno,
+                                  _("Failed to mkdir %s"),
+@@ -1530,7 +1533,7 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef,
+         goto cleanup;
+ 
+     /* Mounts the core /proc, /sys, etc filesystems */
+-    if (lxcContainerMountBasicFS() < 0)
++    if (lxcContainerMountBasicFS(vmDef->idmap.nuidmap) < 0)
+         goto cleanup;
+ 
+     /* Mounts /proc/meminfo etc sysinfo */
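Review bot: The added `continue` for `securityfs` in lxcContainerMountBasicFS has no comment saying why the mount is skipped when `userns_enabled` is set, and the patch file has no header recording where the change comes from. Presumably the kernel refuses this mount from inside a user namespace and the failure would abort container start; if that is the reason, state it in place, e.g. `/* securityfs cannot be mounted from a user namespace; skip it so startup does not fail */`. At the call site in lxcContainerSetupPivotRoot the count `vmDef->idmap.nuidmap` is converted implicitly to `bool`; writing `vmDef->idmap.nuidmap > 0` makes the intent explicit, and it is worth confirming that a definition carrying only a gid mapping cannot reach this path with the flag false. The file name reads `securtyfs`, which looks like a typo for `securityfs` and will make the patch harder to find later. Both function bodies continue outside the embedded hunks, so the rest of the mount loop was not reviewed here.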