nspawn: mkdir selinux mount point once, but not twice
Since #15533 we didn't create the mount point for selinuxfs anymore. Before it we created it twice because we mount selinuxfs twice: once the superblock, and once we remount its bind mound read-only. The second mkdir would mean we'd chown() the host version of selinuxfs (since there's only one selinuxfs superblock kernel-wide). The right time to create mount point point is once: before we mount the selinuxfs. But not a second time for the remount. Fixes: #16032
This commit is contained in:
parent
75ae672bb2
commit
6fe01ced0e
|
@ -619,9 +619,9 @@ int mount_all(const char *dest,
|
||||||
|
|
||||||
#if HAVE_SELINUX
|
#if HAVE_SELINUX
|
||||||
{ "/sys/fs/selinux", "/sys/fs/selinux", NULL, NULL, MS_BIND,
|
{ "/sys/fs/selinux", "/sys/fs/selinux", NULL, NULL, MS_BIND,
|
||||||
0 }, /* Bind mount first */
|
MOUNT_MKDIR }, /* Bind mount first (mkdir/chown the mount point in case /sys/ is mounted as minimal skeleton tmpfs) */
|
||||||
{ NULL, "/sys/fs/selinux", NULL, NULL, MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT,
|
{ NULL, "/sys/fs/selinux", NULL, NULL, MS_BIND|MS_RDONLY|MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_REMOUNT,
|
||||||
0 }, /* Then, make it r/o */
|
0 }, /* Then, make it r/o (don't mkdir/chown the mount point here, the previous entry already did that) */
|
||||||
#endif
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue