main/lxc: check that rootfs is not on tmpfs

fixes #4794
author: Natanael Copa <ncopa@alpinelinux.org> 2015-12-15 13:34:10 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2015-12-15 13:34:49 +0000
commit: 5faee4af1cc16293f216fe3b2822055a68fee57f (patch)
tree: 6bf92a7d529c3a37cdd258bcd0a8014db32fc07b /main/lxc/lxc.initd
parent: 7b00bb340005da9cdfa01dd6b1df8b162527aa55 (diff)
download: aports-5faee4af1cc16293f216fe3b2822055a68fee57f.tar.bz2
aports-5faee4af1cc16293f216fe3b2822055a68fee57f.tar.xz
1 files changed, 8 insertions, 0 deletions
diff --git a/main/lxc/lxc.initd b/main/lxc/lxc.initd
index faf6fa9d15..b2c99ec7ff 100644
--- a/main/lxc/lxc.initd
+++ b/main/lxc/lxc.initd
@@ -68,6 +68,14 @@ start() {
 	rm -f /var/log/lxc/${CONTAINER}.log
 
 	rootpath=$(lxc_get_var lxc.rootfs)
+	# verify that container is not on tmpfs
+	dev=$(df -P "${rootpath}" | awk '{d=$1}; END {print d}')
+	type=$(awk -v dev="$dev" '$1 == dev {m=$3}; END {print m}' /proc/mounts)
+	if [ "$type" = tmpfs ] && ! yesno "$ALLOW_TMPFS"; then
+		eerror "${rootpath} is on tmpfs and ALLOW_TMPFS is not set"
+		return 1
+	fi
+
 	checkpath -d ${pidfile%/*}
 	ebegin "Starting container ${CONTAINER}"
 	start-stop-daemon --start $command \
author	Natanael Copa <ncopa@alpinelinux.org>	2015-12-15 13:34:10 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2015-12-15 13:34:49 +0000
commit	5faee4af1cc16293f216fe3b2822055a68fee57f (patch)
tree	6bf92a7d529c3a37cdd258bcd0a8014db32fc07b /main/lxc/lxc.initd
parent	7b00bb340005da9cdfa01dd6b1df8b162527aa55 (diff)
download	aports-5faee4af1cc16293f216fe3b2822055a68fee57f.tar.bz2 aports-5faee4af1cc16293f216fe3b2822055a68fee57f.tar.xz