author | Paul Gortmaker <paul.gortmaker@windriver.com> | 2021-01-15 00:26:15 -0500 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-01-16 22:39:35 +0000 |
commit | 61fb0a5dc013df89499232e6d19b02afb4533509 (patch) | |
tree | 2aa7931e962d634cd5cc1d33bb7d42e567ec0eed /meta/recipes-core | |
parent | 49c4fdcb884057c0fc713925c8040e36fd26af8d (diff) | |
download | poky-61fb0a5dc013df89499232e6d19b02afb4533509.tar.gz |
systemd: dont spew hidepid mount errors for kernels < v5.8
Recent systemd started using ascii args to "hidepid=" mount options
for proc fs - unconditionally -- even though kernels older than v5.8
emit an error message on each attempt:
root@qemux86-64:~# cat /proc/version
Linux version 5.4.87-yocto-standard (oe-user@oe-host) (gcc version 10.2.0 (GCC)) #1 SMP PREEMPT Fri Jan 8 01:47:13 UTC 2021
root@qemux86-64:~# dmesg|grep proc:
[ 29.487995] proc: Bad value for 'hidepid'
[ 43.170571] proc: Bad value for 'hidepid'
[ 44.175615] proc: Bad value for 'hidepid'
[ 46.213300] proc: Bad value for 'hidepid'
root@qemux86-64:~#
Simply ignoring them, as the systemd maintainer unconditionally says is
the resolution, is clearly not acceptable given the above.
Add a kernel version check to avoid calling mount with invalid args.
Further details are within the enclosed systemd commit.
Cc: Luca Boccassi <luca.boccassi@microsoft.com>
Cc: Richard Purdie <richard.purdie@linuxfoundation.org>
(From OE-Core rev: 76107fd7372559aa4cd22a89d5517a4dfce9314d)
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
-rw-r--r-- | meta/recipes-core/systemd/systemd/0027-proc-dont-trigger-mount-error-with-invalid-options-o.patch | 126 | ||||
-rw-r--r-- | meta/recipes-core/systemd/systemd_247.2.bb | 1 |
2 files changed, 127 insertions, 0 deletions
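--- /dev/null
+++ b/meta/recipes-core/systemd/systemd/0027-proc-dont-trigger-mount-error-with-invalid-options-o.patch
@@ -0,0 +1,126 @@
+From 297aba739cd689e4dc9f43bb1422ec88d481099a Mon Sep 17 00:00:00 2001
+From: Paul Gortmaker <paul.gortmaker@windriver.com>
+Date: Wed, 13 Jan 2021 21:09:33 +0000
+Subject: [PATCH] proc: dont trigger mount error with invalid options on old
+kernels
+
+As of commit 4e39995371738b04d98d27b0d34ea8fe09ec9fab ("core: introduce
+ProtectProc= and ProcSubset= to expose hidepid= and subset= procfs
+mount options") kernels older than v5.8 generate multple warnings at
+boot, as seen in this Yocto build from today:
+
+qemux86-64 login: root
+[ 65.829009] proc: Bad value for 'hidepid'
+root@qemux86-64:~# dmesg|grep proc:
+[ 16.990706] proc: Bad value for 'hidepid'
+[ 28.060178] proc: Bad value for 'hidepid'
+[ 28.874229] proc: Bad value for 'hidepid'
+[ 32.685107] proc: Bad value for 'hidepid'
+[ 65.829009] proc: Bad value for 'hidepid'
+root@qemux86-64:~#
+
+The systemd maintainer has dismissed this as something people should
+simply ignore[1] and has no interest in trying to avoid it by
+proactively checking the kernel version, so people can safely assume
+that they will never see this version check commit upstream.
+
+However, as can be seen above, telling people to just ignore it is not
+an option, as we'll end up answering the same question and dealing with
+the same bug over and over again.
+
+The commit that triggers this is systemd v247-rc1~378^2~3 -- so any
+systemd 247 and above plus kernel v5.7 or older will need this.
+
+[1] https://github.com/systemd/systemd/issues/16896
+
+Upstream-Status: Denied [https://github.com/systemd/systemd/issues/16896]
+Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
+
+diff --git a/src/core/namespace.c b/src/core/namespace.c
+index cdf427a6ea93..f8fc33a89fc2 100644
+--- a/src/core/namespace.c
++++ b/src/core/namespace.c
+@@ -4,7 +4,9 @@
+#include <linux/loop.h>
+#include <sched.h>
+#include <stdio.h>
++#include <stdlib.h>
+#include <sys/mount.h>
++#include <sys/utsname.h>
+#include <unistd.h>
+#include <linux/fs.h>
+
+@@ -859,14 +861,34 @@ static int mount_sysfs(const MountEntry *m) {
+}
+
+static int mount_procfs(const MountEntry *m, const NamespaceInfo *ns_info) {
++ _cleanup_free_ char *opts = NULL;
+const char *entry_path;
+- int r;
++ int r, major, minor;
++ struct utsname uts;
++ bool old = false;
+
+assert(m);
+assert(ns_info);
+
+entry_path = mount_entry_path(m);
+
++ /* If uname says that the system is older than v5.8, then the textual hidepid= stuff is not
++ * supported by the kernel, and thus the per-instance hidepid= neither, which means we
++ * really don't want to use it, since it would affect our host's /proc * mount. Hence let's
++ * gracefully fallback to a classic, unrestricted version. */
++
++ r = uname(&uts);
++ if (r < 0)
++ return errno;
++
++ major = atoi(uts.release);
++ minor = atoi(strchr(uts.release, '.') + 1);
++
++ if (major < 5 || (major == 5 && minor < 8)) {
++ log_debug("Pre v5.8 kernel detected [v%d.%d] - skipping hidepid=", major, minor);
++ old = true;
++ }
++
+/* Mount a new instance, so that we get the one that matches our user namespace, if we are running in
+* one. i.e we don't reuse existing mounts here under any condition, we want a new instance owned by
+* our user namespace and with our hidepid= settings applied. Hence, let's get rid of everything
+@@ -875,9 +897,8 @@ static int mount_procfs(const MountEntry *m, const NamespaceInfo *ns_info) {
+(void) mkdir_p_label(entry_path, 0755);
+(void) umount_recursive(entry_path, 0);
+
+- if (ns_info->protect_proc != PROTECT_PROC_DEFAULT ||
+- ns_info->proc_subset != PROC_SUBSET_ALL) {
+- _cleanup_free_ char *opts = NULL;
++ if (!old && (ns_info->protect_proc != PROTECT_PROC_DEFAULT ||
++ ns_info->proc_subset != PROC_SUBSET_ALL)) {
+
+/* Starting with kernel 5.8 procfs' hidepid= logic is truly per-instance (previously it
+* pretended to be per-instance but actually was per-namespace), hence let's make use of it
+@@ -891,21 +912,9 @@ static int mount_procfs(const MountEntry *m, const NamespaceInfo *ns_info) {
+ns_info->proc_subset == PROC_SUBSET_PID ? ",subset=pid" : "");
+if (!opts)
+return -ENOMEM;
+-
+- r = mount_nofollow_verbose(LOG_DEBUG, "proc", entry_path, "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, opts);
+- if (r < 0) {
+- if (r != -EINVAL)
+- return r;
+-
+- /* If this failed with EINVAL then this likely means the textual hidepid= stuff is
+- * not supported by the kernel, and thus the per-instance hidepid= neither, which
+- * means we really don't want to use it, since it would affect our host's /proc
+- * mount. Hence let's gracefully fallback to a classic, unrestricted version. */
+- } else
+- return 1;
+}
+
+- r = mount_nofollow_verbose(LOG_DEBUG, "proc", entry_path, "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL);
++ r = mount_nofollow_verbose(LOG_DEBUG, "proc", entry_path, "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, opts);
+if (r < 0)
+return r;
+
+--
+2.29.2
+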
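Review bot: In the added version check inside mount_procfs(), `strchr(uts.release, '.') + 1` is passed to atoi() without a NULL check, so a release string with no dot is undefined behaviour, and `return errno;` hands back a positive value that callers testing `r < 0` would likely read as success with no /proc mounted. I would parse with `if (sscanf(uts.release, "%d.%d", &major, &minor) != 2) return -EINVAL;` and change the uname() failure path to `return -errno;`. Separately, with the EINVAL fallback removed, a kernel that reports v5.8 or later but rejects these options now fails the mount, while a vendor kernel that backports the feature under an older version number silently loses ProtectProc=/ProcSubset= with only a log_debug line; a comment stating that trade-off would help. The function body continues past the last hunk, so the final return value is not visible here.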
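--- a/meta/recipes-core/systemd/systemd_247.2.bb
+++ b/meta/recipes-core/systemd/systemd_247.2.bb
@@ -23,6 +23,7 @@ SRC_URI += "file://touchscreen.rules \
 file://0003-implment-systemd-sysv-install-for-OE.patch \
 file://0001-systemd.pc.in-use-ROOTPREFIX-without-suffixed-slash.patch \
 file://0001-logind-Restore-chvt-as-non-root-user-without-polkit.patch \
+file://0027-proc-dont-trigger-mount-error-with-invalid-options-o.patch \
 "
 
 # patches needed by musl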