nspawn: EROFS for chowning mount points is not fatal (#7122)

This fixes --read-only with --private-users. mkdir_userns_p may return -EROFS if either mkdir or lchown fails; lchown failing is fine as the mount point will just be overmounted, and if mkdir fails then the following mount() will also fail (with ENOENT).
2017-10-24 20:40:50 +03:00 · 2017-10-24 20:40:50 +03:00 · 4f13e53428
parent e6b2d948f8
commit 4f13e53428
1 changed files with 6 additions and 2 deletions
--- a/src/nspawn/nspawn-mount.c
+++ b/src/nspawn/nspawn-mount.c
@ -598,11 +598,15 @@ int mount_all(const char *dest,

                r = mkdir_userns_p(dest, where, 0755, mount_settings, uid_shift);
                if (r < 0 && r != -EEXIST) {
-                        if (fatal)
+                        if (fatal && r != -EROFS)
                                return log_error_errno(r, "Failed to create directory %s: %m", where);

                        log_debug_errno(r, "Failed to create directory %s: %m", where);
-                        continue;
+                        /* If we failed mkdir() or chown() due to the root
+                         * directory being read only, attempt to mount this fs
+                         * anyway and let mount_verbose log any errors */
+                        if (r != -EROFS)
+                                continue;
                }

                o = mount_table[k].options;