diff options
| author | Christian Brauner <brauner@kernel.org> | 2022-11-24 10:45:24 +0100 |
|---|---|---|
| committer | Christian Brauner (Microsoft) <brauner@kernel.org> | 2022-12-05 18:34:25 +0100 |
| commit | 57c10a5650f6bb7180f3bec31a3f24239a81be39 (patch) | |
| tree | f21c1891d597e0a45a1c9b697fe79f6cfcb4a48e /src/nspawn | |
| parent | 2e776ed6c8649d5991de5d2a7c0334a77485456c (diff) | |
| download | systemd-57c10a5650f6bb7180f3bec31a3f24239a81be39.tar.gz | |
nspawn: support pivot_root()
In order to support pivot_root() we need to move mount propagation
changes after the pivot_root(). While MS_MOVE requires the source mount
to not be a shared mount pivot_root() also requires the target mount to
not be a shared mount. This guarantees that pivot_root() doesn't leak
any mounts.
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Diffstat (limited to 'src/nspawn')
| -rw-r--r-- | src/nspawn/nspawn.c | 24 |
1 files changed, 10 insertions, 14 deletions
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c index d7b636209e..5844674d95 100644 --- a/src/nspawn/nspawn.c +++ b/src/nspawn/nspawn.c @@ -3858,19 +3858,6 @@ static int outer_child( unified_cgroup_hierarchy_socket = safe_close(unified_cgroup_hierarchy_socket); } - /* Mark everything as shared so our mounts get propagated down. This is required to make new bind - * mounts available in systemd services inside the container that create a new mount namespace. See - * https://github.com/systemd/systemd/issues/3860 Further submounts (such as /dev) done after this - * will inherit the shared propagation mode. - * - * IMPORTANT: Do not overmount the root directory anymore from now on to enable moving the root - * directory mount to root later on. - * https://github.com/systemd/systemd/issues/3847#issuecomment-562735251 - */ - r = mount_nofollow_verbose(LOG_ERR, NULL, directory, NULL, MS_SHARED|MS_REC, NULL); - if (r < 0) - return r; - r = recursive_chown(directory, arg_uid_shift, arg_uid_range); if (r < 0) return r; @@ -3974,7 +3961,16 @@ static int outer_child( return r; } - r = mount_move_root(directory); + /* Mark everything as shared so our mounts get propagated down. This is required to make new bind + * mounts available in systemd services inside the container that create a new mount namespace. See + * https://github.com/systemd/systemd/issues/3860 Further submounts (such as /dev) done after this + * will inherit the shared propagation mode. + * + * IMPORTANT: Do not overmount the root directory anymore from now on to enable moving the root + * directory mount to root later on. + * https://github.com/systemd/systemd/issues/3847#issuecomment-562735251 + */ + r = mount_switch_root(directory, MOUNT_ATTR_PROPAGATION_SHARED); if (r < 0) return log_error_errno(r, "Failed to move root directory: %m"); |