packages/systemd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
systemd/backport-mount-setup-change-the-system-mount-propagation-to-s.patch
h30032433 b65a3d97c8 sync community patches
2023-12-08 15:09:15 +08:00

79 lines
2.9 KiB
Diff
Raw Blame History

From f74349d88bb039a134b225653e8e59d04af4bb7f Mon Sep 17 00:00:00 2001
From: Wen Yang <wenyang@linux.alibaba.com>
Date: Mon, 23 Mar 2020 10:42:46 +0800
Subject: [PATCH] mount-setup: change the system mount propagation to shared by
default only at bootup
The commit b3ac5f8cb987 has changed the system mount propagation to
shared by default, and according to the following patch:
https://github.com/opencontainers/runc/pull/208
When starting the container, the pouch daemon will call runc to execute
make-private.
However, if the systemctl daemon-reexec is executed after the container
has been started, the system mount propagation will be changed to share
again by default, and the make-private operation above will have no chance
to execute.
Conflict:NA
Reference:https://github.com/systemd/systemd/pull/15196/commits/5b054354c2004dd67ebb2e9ee213e8528889687f
---
src/core/main.c | 2 +-
src/core/mount-setup.c | 4 ++--
src/core/mount-setup.h | 2 +-
3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/core/main.c b/src/core/main.c
index d700b3afc5..db6521b924 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -2581,7 +2581,7 @@ int main(int argc, char *argv[]) {
if (!skip_setup)
kmod_setup();
- r = mount_setup(loaded_policy);
+ r = mount_setup(loaded_policy, skip_setup);
if (r < 0) {
error_message = "Failed to mount API filesystems";
goto finish;
diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
index 284e3f6b07..ffe3d4cc64 100644
--- a/src/core/mount-setup.c
+++ b/src/core/mount-setup.c
@@ -478,7 +478,7 @@ static int relabel_extra(void) {
}
#endif
-int mount_setup(bool loaded_policy) {
+int mount_setup(bool loaded_policy, bool leave_propagation) {
int r = 0;
r = mount_points_setup(ELEMENTSOF(mount_table), loaded_policy);
@@ -524,7 +524,7 @@ int mount_setup(bool loaded_policy) {
* needed. Note that we set this only when we are invoked directly by the kernel. If we are invoked by a
* container manager we assume the container manager knows what it is doing (for example, because it set up
* some directories with different propagation modes). */
- if (detect_container() <= 0)
+ if (detect_container() <= 0 && !leave_propagation)
if (mount(NULL, "/", NULL, MS_REC|MS_SHARED, NULL) < 0)
log_warning_errno(errno, "Failed to set up the root directory for shared mount propagation: %m");
diff --git a/src/core/mount-setup.h b/src/core/mount-setup.h
index b4ca2cf4b4..bccd094961 100644
--- a/src/core/mount-setup.h
+++ b/src/core/mount-setup.h
@@ -4,7 +4,7 @@
#include <stdbool.h>
int mount_setup_early(void);
-int mount_setup(bool loaded_policy);
+int mount_setup(bool loaded_policy, bool leave_propagation);
int mount_cgroup_controllers(void);
--
2.23.0
Reference in New Issue View Git Blame Copy Permalink