From 7d7afa4f9adf5fbae93da5fd26c7b91496ace36b Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov
Date: Tue, 15 Sep 2020 17:45:07 +0300
Subject: [PATCH] Add some protection from shadowing mount
Currently we do have wrong bind mount order, due to which /var/log/journal is shadow mounted with later added /var/log mount. To prevent this we're inserting new mounts before existing ones in case where they could shadow mount destination.
Change-Id: Id8cca6d83c75202a273df23be353480366ead156
Closes-Bug: #1895533
---
 playbooks/common-tasks/os-lxc-container-setup.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/playbooks/common-tasks/os-lxc-container-setup.yml b/playbooks/common-tasks/os-lxc-container-setup.yml
index aa76bc42f5..008d88fe06 100644
--- a/playbooks/common-tasks/os-lxc-container-setup.yml
+++ b/playbooks/common-tasks/os-lxc-container-setup.yml
@@ -50,6 +50,7 @@
 lineinfile:
 dest: "/var/lib/lxc/{{ inventory_hostname }}/config"
 line: "lxc.mount.entry = {{ item['mount_path'] }} {{ item['bind_dir_path'].lstrip('/') }} none bind,create=dir 0 0"
+ insertbefore: "^lxc.mount.entry = .*\\s{{ item['bind_dir_path'].lstrip('/') | regex_replace('/', '\/') }}.*"
 backup: "true"
 with_items:
 - "{{ lxc_default_bind_mounts | default([]) }}"
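Review bot: The added `insertbefore` pattern is applied by `lineinfile` to the last matching line unless `firstmatch: true` is set, so when the config already holds several entries below the new destination (say two sub-directories of `/var/log`), the new entry is placed before only the last of them and the earlier ones are still shadowed; adding `firstmatch: true` next to `insertbefore` covers that case. The interpolated path is also used as a regex without escaping: `regex_replace('/', '\/')` looks like a no-op (`\/` inside a double-quoted YAML scalar is just `/`, and `/` is not special in the regex), while a `.` or `+` in a path would be read as a metacharacter, so `{{ item['bind_dir_path'].lstrip('/') | regex_escape }}` would be the safer form. Because the task has no `regexp`, an entry that is already present in the wrong order is presumably left where it is, so existing containers may keep the shadowed journal mount, which matters where those logs are relied on for audit. The task starts and ends outside the hunk.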