authorRichard Purdie <richard.purdie@linuxfoundation.org>2021-02-13 17:21:15 +0000
committerRichard Purdie <richard.purdie@linuxfoundation.org>2021-02-16 11:28:16 +0000
commit4e585ef52b0bba5e8438823a159863ec2e103c1b (patch)
tree830b0729d421c57b7bf08c3c649c05db571ea02e /meta/recipes-core
parentc8d4f2e401b6c5ce6f753ea79d8e33d07524e9ca (diff)
systemd: Simplify mount error patch
As mentioned during review, this patch can be less invasive and hence easier to maintain. Improve as such. (From OE-Core rev: 3a1bd768e62a493aa73e82f5c443ca28b108af51) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-core')
-rw-r--r--meta/recipes-core/systemd/systemd/0027-proc-dont-trigger-mount-error-with-invalid-options-o.patch43
1 files changed, 7 insertions, 36 deletions
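diff --git a/meta/recipes-core/systemd/systemd/0027-proc-dont-trigger-mount-error-with-invalid-options-o.patch b/meta/recipes-core/systemd/systemd/0027-proc-dont-trigger-mount-error-with-invalid-options-o.patch
index b1d3d6963c..94a4c307b5 100644
--- a/meta/recipes-core/systemd/systemd/0027-proc-dont-trigger-mount-error-with-invalid-options-o.patch
+++ b/meta/recipes-core/systemd/systemd/0027-proc-dont-trigger-mount-error-with-invalid-options-o.patch
@@ -36,10 +36,10 @@ systemd 247 and above plus kernel v5.7 or older will need this.
 Upstream-Status: Denied [https://github.com/systemd/systemd/issues/16896]
 Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
 
-diff --git a/src/core/namespace.c b/src/core/namespace.c
-index cdf427a6ea93..f8fc33a89fc2 100644
---- a/src/core/namespace.c
-+++ b/src/core/namespace.c
+Index: git/src/core/namespace.c
+===================================================================
+--- git.orig/src/core/namespace.c
++++ git/src/core/namespace.c
 @@ -4,7 +4,9 @@
  #include <linux/loop.h>
  #include <sched.h>
@@ -50,11 +50,9 @@ index cdf427a6ea93..f8fc33a89fc2 100644
  #include <unistd.h>
  #include <linux/fs.h>
 
-@@ -859,14 +861,34 @@ static int mount_sysfs(const MountEntry *m) {
- }
+@@ -860,13 +862,32 @@ static int mount_sysfs(const MountEntry
 
  static int mount_procfs(const MountEntry *m, const NamespaceInfo *ns_info) {
-+ _cleanup_free_ char *opts = NULL;
  const char *entry_path;
 - int r;
 + int r, major, minor;
@@ -86,41 +84,14 @@ index cdf427a6ea93..f8fc33a89fc2 100644
  /* Mount a new instance, so that we get the one that matches our user namespace, if we are running in
  * one. i.e we don't reuse existing mounts here under any condition, we want a new instance owned by
  * our user namespace and with our hidepid= settings applied. Hence, let's get rid of everything
-@@ -875,9 +897,8 @@ static int mount_procfs(const MountEntry *m, const NamespaceInfo *ns_info) {
+@@ -875,8 +896,8 @@ static int mount_procfs(const MountEntry
  (void) mkdir_p_label(entry_path, 0755);
  (void) umount_recursive(entry_path, 0);
 
 - if (ns_info->protect_proc != PROTECT_PROC_DEFAULT ||
 - ns_info->proc_subset != PROC_SUBSET_ALL) {
-- _cleanup_free_ char *opts = NULL;
 + if (!old && (ns_info->protect_proc != PROTECT_PROC_DEFAULT ||
 + ns_info->proc_subset != PROC_SUBSET_ALL)) {
+ _cleanup_free_ char *opts = NULL;
 
  /* Starting with kernel 5.8 procfs' hidepid= logic is truly per-instance (previously it
- * pretended to be per-instance but actually was per-namespace), hence let's make use of it
-@@ -891,21 +912,9 @@ static int mount_procfs(const MountEntry *m, const NamespaceInfo *ns_info) {
- ns_info->proc_subset == PROC_SUBSET_PID ? ",subset=pid" : "");
- if (!opts)
- return -ENOMEM;
--
-- r = mount_nofollow_verbose(LOG_DEBUG, "proc", entry_path, "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, opts);
-- if (r < 0) {
-- if (r != -EINVAL)
-- return r;
--
-- /* If this failed with EINVAL then this likely means the textual hidepid= stuff is
-- * not supported by the kernel, and thus the per-instance hidepid= neither, which
-- * means we really don't want to use it, since it would affect our host's /proc
-- * mount. Hence let's gracefully fallback to a classic, unrestricted version. */
-- } else
-- return 1;
- }
-
-- r = mount_nofollow_verbose(LOG_DEBUG, "proc", entry_path, "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL);
-+ r = mount_nofollow_verbose(LOG_DEBUG, "proc", entry_path, "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, opts);
- if (r < 0)
- return r;
-
---
-2.29.2
-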
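Review bot: The new `!old &&` guard in the last inner hunk of the carried patch drops a non-default `protect_proc` or `proc_subset` request without any trace. On a kernel the patch treats as old, the service gets a plain unrestricted /proc and none of the visible lines record that the requested hidepid=/subset= restriction was not applied. Because this is a hardening setting, an operator auditing the image would want a hint, for example `if (old) log_debug("Kernel lacks per-instance hidepid=/subset=, mounting unrestricted /proc on %s", entry_path);` placed just before the guarded block. The derivation of `old` from `major`/`minor` lies between the visible hunks, so the version threshold and the handling of an unparsable kernel release string could not be checked here. The body of mount_procfs also continues past the end of the patch context.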