diff --git a/src/container.c b/src/container.c index 0938d822..e620f76c 100644 --- a/src/container.c +++ b/src/container.c @@ -579,6 +579,7 @@ static int hyper_setup_container_rootfs(void *data) goto fail; } + sprintf(rootfs, "%s/%s/", root, container->rootfs); if (container->fstype) { char dev[128]; char *options = NULL; @@ -614,10 +615,21 @@ static int hyper_setup_container_rootfs(void *data) sprintf(path, "%s/%s/", SHARED_DIR, container->image); fprintf(stdout, "src directory %s\n", path); - if (mount(path, root, NULL, MS_BIND, NULL) < 0) { - perror("mount src dir failed"); - goto fail; + + if (arg->pod->share_tag == NULL) { + hyper_mkdir(rootfs, 0755); + if (mount("/dev/sda", rootfs, "ext4", MS_MGC_VAL| MS_NODEV, "") < 0) { + perror("mount src dir failed"); + goto fail; + } + } else { + if (mount(path, root, NULL, MS_BIND, NULL) < 0) { + perror("mount src dir failed"); + goto fail; + } } + + if (container->readonly && mount(NULL, root, NULL, MS_BIND | MS_REMOUNT | MS_RDONLY, NULL) < 0) { perror("mount src dir readonly failed"); goto fail; @@ -627,7 +639,7 @@ static int hyper_setup_container_rootfs(void *data) fprintf(stdout, "root directory for container is %s/%s, init task %s\n", root, container->rootfs, container->exec.argv[0]); - sprintf(rootfs, "%s/%s/", root, container->rootfs); + if (mount(rootfs, rootfs, NULL, MS_BIND|MS_REC, NULL) < 0) { perror("failed to bind rootfs"); goto fail; diff --git a/src/portmapping.c b/src/portmapping.c index c9f9a6f6..ef6a90f2 100644 --- a/src/portmapping.c +++ b/src/portmapping.c 
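Review bot: In the first src/container.c hunk (@@ -579), the relocated `sprintf(rootfs, "%s/%s/", root, container->rootfs);` writes into `rootfs` with no length bound, and its result now feeds `hyper_mkdir` and the `mount` calls further down. The declaration of `rootfs` is outside the hunk, so its size cannot be confirmed here, but `container->rootfs` looks like a value taken from the pod description and should not be able to overrun the buffer. I would write `int n = snprintf(rootfs, sizeof(rootfs), "%s/%s/", root, container->rootfs);` followed by `if (n < 0 || (size_t)n >= sizeof(rootfs)) goto fail;`, assuming `rootfs` is an array rather than a pointer. The `sprintf(path, ...)` kept as context in the @@ -614 hunk has the same shape.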
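Review bot: In the @@ -614 hunk of src/container.c, the read-only remount after the new branch still targets `root`, while the `share_tag == NULL` branch mounts the ext4 filesystem on `rootfs`, so `container->readonly` does not reach the new mount. A bind remount changes only the mount at `root`, and if `root` is not a mount point in this path the call presumably fails and aborts setup. Passing the flag at mount time closes the gap, e.g. `mount("/dev/sda", rootfs, "ext4", MS_MGC_VAL | MS_NODEV | (container->readonly ? MS_RDONLY : 0), "")`. The return value of `hyper_mkdir(rootfs, 0755)` is ignored, and `/dev/sda` and `ext4` are hard-coded, so every container in a pod without a share tag would mount the same device; a comment stating that assumption would help. Both branches print the same `mount src dir failed`, which makes the two failures indistinguishable in the log.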
@@ -167,6 +167,15 @@ int hyper_setup_portmapping(struct hyper_pod *pod)
 int hyper_setup_container_portmapping(struct hyper_container *c, struct hyper_pod *pod)
 {
 // only allow network request from internal white list
+
+ //Disabling it for now for no 9p case.
+ //TODO - iptables file is generated after VM is booted,
+ //so this needs to be addressed later by rearranging the way
+ //iptables file is generated.
+ if (pod->share_tag == NULL) {
+ return 0;
+ }
+
 int i = 0, j = 0;
 char rule[128] = {0};
 char iptables_restore[512];
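Review bot: The early `return 0` for `pod->share_tag == NULL` reports success while skipping the rules that the comment directly above it describes as the internal white list, so in the no-9p case the container runs without that restriction and neither the caller nor the log shows it. Until the TODO is resolved I would at least make the skip visible, e.g. `fprintf(stderr, "portmapping: white list rules not applied (no share_tag)\n");` before the return, and consider returning an error when the pod actually has white-list entries configured. The guard also sits ahead of the declarations of `i`, `rule` and `iptables_restore`; moving it below them keeps the declaration-first layout of the surrounding lines. The rest of the function body is outside the hunk.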