diff options
| author | Djalal Harouni <tixxdz@gmail.com> | 2017-03-05 21:19:29 +0100 |
|---|---|---|
| committer | Djalal Harouni <tixxdz@gmail.com> | 2017-03-05 21:19:29 +0100 |
| commit | 10404d52e3402cd312a487fb88c23939ba35234a (patch) | |
| tree | 5d4e04e1a8b688ba8c3eb518eabae6c38f5497e6 /src/core/namespace.c | |
| parent | 77313738fe0d656e6aa034a501b80def18a43103 (diff) | |
| download | systemd-10404d52e3402cd312a487fb88c23939ba35234a.tar.gz | |
namespace: create base-filesystem directories if RootImage= or RootDirectory= are set
When a service is started with its own file system image, always try to
create the base-filesystem directories that are needed. This implicitly
covers the directories handled by MountAPIVFS= {/proc|/sys|/dev}.
Mount protections or MountAPIVFS= mounts were never applied if we
changed the root directory and the related paths were not present under
the new root. The mounts were silently. Fix this by creating those
directories if they are missing.
Closes https://github.com/systemd/systemd/issues/5488
Diffstat (limited to 'src/core/namespace.c')
| -rw-r--r-- | src/core/namespace.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/core/namespace.c b/src/core/namespace.c index 4f29217bc4..673b836489 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -27,6 +27,7 @@ #include <linux/fs.h> #include "alloc-util.h" +#include "base-filesystem.h" #include "dev-setup.h" #include "fd-util.h" #include "fs-util.h" @@ -1044,6 +1045,10 @@ int setup_namespace( } } + /* Try to set up the new root directory before mounting anything there */ + if (root_directory) + (void) base_filesystem_create(root_directory, UID_INVALID, GID_INVALID); + if (root_image) { r = dissected_image_mount(dissected_image, root_directory, dissect_image_flags); if (r < 0) |