Index: scripts/vserver.functions
===================================================================
--- scripts/vserver.functions (revision 2356)
+++ scripts/vserver.functions (revision 2357)
@@ -805,7 +805,7 @@
_mountVserverInternal "$cfgdir"/fstab.remote $_CHBIND "${CHBIND_OPTS[@]}"
isNamespaceCleanup "$cfgdir" && \
- _namespaceCleanup
+ _namespaceCleanup "$cfgdir"
isAvoidNamespace "$cfgdir" || \
$_SECURE_MOUNT --rbind -n "$vdir" "/"
@@ -1161,26 +1161,39 @@
function _namespaceCleanup
{
- local root=$(readlink -f "$vdir")
- local tmp="$root"
+ local vdir="$1"
+ local root=$($_VSERVER_INFO "$1" VDIR 1)
local -a list
- while [ "$tmp" ]; do
- list=( "${list[@]}" "$tmp" )
- tmp="${tmp%/*}"
+ local -a skip
+ local tmp
+
+ getFileArray skip "$vdir"/namespace-cleanup-skip \
+ "$__CONFDIR"/.defaults/namespace-cleanup-skip || :
+
+ # these are things that have to be accessible post-cleanup
+ for tmp in "$root" "$__SBINDIR" "$__PKGLIBDIR" "$vdir" \
+ "$__PKGSTATEDIR" "${skip[@]}"; do
+ while test -n "$tmp"; do
+ list=( "${list[@]}" "$tmp" )
+ tmp="${tmp%/*}"
+ done
done
+
local -a list_umount
while read dev path opts; do
- [ "$path" ] || continue
- for i in "$root" /dev /proc; do
- [ "${path#$i}" != "$path" ] && continue 2
- done
- for i in "${list[@]}" /; do
- [ "$path" = "$i" ] && continue 2
- done
- list_umount=( "${list_umount[@]}" "$path" )
+ test -n "$path" || continue
+ for i in "$root" /dev /proc; do
+ test "${path#$i}" != "$path" && continue 2
+ done
+ for i in "${list[@]}" /; do
+ test "$path" = "$i" && continue 2
+ done
+ # unmount them in reverse order so mounts further down the tree get unmounted first
+ list_umount=( "$path" "${list_umount[@]}" )
done < /proc/mounts
+ # separate loop to avoid races while reading /proc/mounts
for i in "${list_umount[@]}"; do
- umount -l -n "$i"
+ $_UMOUNT -l -n "$i"
done
}
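Review bot: A skip entry that contains no `/` makes the inner `while test -n "$tmp"` loop spin forever, because `tmp="${tmp%/*}"` leaves such a string unchanged while `list` keeps growing; the entries come from the `namespace-cleanup-skip` files, so a single relative path there would hang this function. Rejecting non-absolute entries is enough, e.g. `test "${tmp#/}" != "$tmp" || continue` as the first statement of the `for` body. Separately, `local root=$($_VSERVER_INFO "$1" VDIR 1)` hides a failing lookup, and with an empty `root` the prefix test `"${path#$i}" != "$path"` can never match for it, so mounts below the guest root would no longer be exempt from the lazy unmount; assigning on its own line and returning when the result is empty would make that failure explicit. The new `local vdir="$1"` receives what the caller passes as `"$cfgdir"`, so naming it `cfgdir` would avoid confusion with the `vdir` the caller uses in the first hunk.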
Index: doc/configuration.xml
===================================================================
--- doc/configuration.xml (revision 2356)
+++ doc/configuration.xml (revision 2357)
@@ -45,6 +45,12 @@
</description>
</boolean>
+ <list id="global-namespace-cleanup-skip" name="namespace-cleanup-skip">
+ <description>
+List of paths to skip during namespace cleanup.
+ </description>
+ </list>
+
<link name="run.rev">
<description>
Path of the vserver run reverse directory. This directory contains
@@ -381,6 +387,14 @@
</description>
</boolean>
+ <list name="namespace-cleanup-skip">
+ <description>
+List of paths to skip during namespace cleanup. This overrides the
+<optionref ref="global-namespace-cleanup-skip">global namespace-cleanup-skip</optionref>
+file.
+ </description>
+ </list>
+
<hash name="schedule">
<description>
[experimental; name is subject of possible change] Contains the