diff options
Diffstat (limited to 'meta/recipes-core/systemd')
| -rw-r--r-- | meta/recipes-core/systemd/systemd/0027-proc-dont-trigger-mount-error-with-invalid-options-o.patch | 43 |
1 files changed, 7 insertions, 36 deletions
diff --git a/meta/recipes-core/systemd/systemd/0027-proc-dont-trigger-mount-error-with-invalid-options-o.patch b/meta/recipes-core/systemd/systemd/0027-proc-dont-trigger-mount-error-with-invalid-options-o.patch index b1d3d6963c..94a4c307b5 100644 --- a/meta/recipes-core/systemd/systemd/0027-proc-dont-trigger-mount-error-with-invalid-options-o.patch +++ b/meta/recipes-core/systemd/systemd/0027-proc-dont-trigger-mount-error-with-invalid-options-o.patch | |||
| @@ -36,10 +36,10 @@ systemd 247 and above plus kernel v5.7 or older will need this. | |||
| 36 | Upstream-Status: Denied [https://github.com/systemd/systemd/issues/16896] | 36 | Upstream-Status: Denied [https://github.com/systemd/systemd/issues/16896] |
| 37 | Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> | 37 | Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| 38 | 38 | ||
| 39 | diff --git a/src/core/namespace.c b/src/core/namespace.c | 39 | Index: git/src/core/namespace.c |
| 40 | index cdf427a6ea93..f8fc33a89fc2 100644 | 40 | =================================================================== |
| 41 | --- a/src/core/namespace.c | 41 | --- git.orig/src/core/namespace.c |
| 42 | +++ b/src/core/namespace.c | 42 | +++ git/src/core/namespace.c |
| 43 | @@ -4,7 +4,9 @@ | 43 | @@ -4,7 +4,9 @@ |
| 44 | #include <linux/loop.h> | 44 | #include <linux/loop.h> |
| 45 | #include <sched.h> | 45 | #include <sched.h> |
| @@ -50,11 +50,9 @@ index cdf427a6ea93..f8fc33a89fc2 100644 | |||
| 50 | #include <unistd.h> | 50 | #include <unistd.h> |
| 51 | #include <linux/fs.h> | 51 | #include <linux/fs.h> |
| 52 | 52 | ||
| 53 | @@ -859,14 +861,34 @@ static int mount_sysfs(const MountEntry *m) { | 53 | @@ -860,13 +862,32 @@ static int mount_sysfs(const MountEntry |
| 54 | } | ||
| 55 | 54 | ||
| 56 | static int mount_procfs(const MountEntry *m, const NamespaceInfo *ns_info) { | 55 | static int mount_procfs(const MountEntry *m, const NamespaceInfo *ns_info) { |
| 57 | + _cleanup_free_ char *opts = NULL; | ||
| 58 | const char *entry_path; | 56 | const char *entry_path; |
| 59 | - int r; | 57 | - int r; |
| 60 | + int r, major, minor; | 58 | + int r, major, minor; |
| @@ -86,41 +84,14 @@ index cdf427a6ea93..f8fc33a89fc2 100644 | |||
| 86 | /* Mount a new instance, so that we get the one that matches our user namespace, if we are running in | 84 | /* Mount a new instance, so that we get the one that matches our user namespace, if we are running in |
| 87 | * one. i.e we don't reuse existing mounts here under any condition, we want a new instance owned by | 85 | * one. i.e we don't reuse existing mounts here under any condition, we want a new instance owned by |
| 88 | * our user namespace and with our hidepid= settings applied. Hence, let's get rid of everything | 86 | * our user namespace and with our hidepid= settings applied. Hence, let's get rid of everything |
| 89 | @@ -875,9 +897,8 @@ static int mount_procfs(const MountEntry *m, const NamespaceInfo *ns_info) { | 87 | @@ -875,8 +896,8 @@ static int mount_procfs(const MountEntry |
| 90 | (void) mkdir_p_label(entry_path, 0755); | 88 | (void) mkdir_p_label(entry_path, 0755); |
| 91 | (void) umount_recursive(entry_path, 0); | 89 | (void) umount_recursive(entry_path, 0); |
| 92 | 90 | ||
| 93 | - if (ns_info->protect_proc != PROTECT_PROC_DEFAULT || | 91 | - if (ns_info->protect_proc != PROTECT_PROC_DEFAULT || |
| 94 | - ns_info->proc_subset != PROC_SUBSET_ALL) { | 92 | - ns_info->proc_subset != PROC_SUBSET_ALL) { |
| 95 | - _cleanup_free_ char *opts = NULL; | ||
| 96 | + if (!old && (ns_info->protect_proc != PROTECT_PROC_DEFAULT || | 93 | + if (!old && (ns_info->protect_proc != PROTECT_PROC_DEFAULT || |
| 97 | + ns_info->proc_subset != PROC_SUBSET_ALL)) { | 94 | + ns_info->proc_subset != PROC_SUBSET_ALL)) { |
| 95 | _cleanup_free_ char *opts = NULL; | ||
| 98 | 96 | ||
| 99 | /* Starting with kernel 5.8 procfs' hidepid= logic is truly per-instance (previously it | 97 | /* Starting with kernel 5.8 procfs' hidepid= logic is truly per-instance (previously it |
| 100 | * pretended to be per-instance but actually was per-namespace), hence let's make use of it | ||
| 101 | @@ -891,21 +912,9 @@ static int mount_procfs(const MountEntry *m, const NamespaceInfo *ns_info) { | ||
| 102 | ns_info->proc_subset == PROC_SUBSET_PID ? ",subset=pid" : ""); | ||
| 103 | if (!opts) | ||
| 104 | return -ENOMEM; | ||
| 105 | - | ||
| 106 | - r = mount_nofollow_verbose(LOG_DEBUG, "proc", entry_path, "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, opts); | ||
| 107 | - if (r < 0) { | ||
| 108 | - if (r != -EINVAL) | ||
| 109 | - return r; | ||
| 110 | - | ||
| 111 | - /* If this failed with EINVAL then this likely means the textual hidepid= stuff is | ||
| 112 | - * not supported by the kernel, and thus the per-instance hidepid= neither, which | ||
| 113 | - * means we really don't want to use it, since it would affect our host's /proc | ||
| 114 | - * mount. Hence let's gracefully fallback to a classic, unrestricted version. */ | ||
| 115 | - } else | ||
| 116 | - return 1; | ||
| 117 | } | ||
| 118 | |||
| 119 | - r = mount_nofollow_verbose(LOG_DEBUG, "proc", entry_path, "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, NULL); | ||
| 120 | + r = mount_nofollow_verbose(LOG_DEBUG, "proc", entry_path, "proc", MS_NOSUID|MS_NOEXEC|MS_NODEV, opts); | ||
| 121 | if (r < 0) | ||
| 122 | return r; | ||
| 123 | |||
| 124 | -- | ||
| 125 | 2.29.2 | ||
| 126 | |||