From abad72be4df9d5a13ceecd5b4d073adb370882b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Fri, 10 Jul 2020 22:08:50 +0200 Subject: [PATCH] namespace: fix MAC labels of TemporaryFileSystem= Reproducible with: systemd-run -p TemporaryFileSystem=/root -t /bin/bash ls -dZ /root Prior: root:object_r:tmpfs_t:s0 /root Past: root:object_r:user_home_dir_t:s0 /root --- src/core/namespace.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/src/core/namespace.c b/src/core/namespace.c index b2bbcf58f2..ebdbb7545b 100644 --- a/src/core/namespace.c +++ b/src/core/namespace.c @@ -860,15 +860,23 @@ static int mount_procfs(const MountEntry *m) { } static int mount_tmpfs(const MountEntry *m) { + int r; + const char *entry_path = mount_entry_path(m); + const char *source_path = m->path_const; + assert(m); /* First, get rid of everything that is below if there is anything. Then, overmount with our new tmpfs */ - (void) mkdir_p_label(mount_entry_path(m), 0755); - (void) umount_recursive(mount_entry_path(m), 0); + (void) mkdir_p_label(entry_path, 0755); + (void) umount_recursive(entry_path, 0); - if (mount("tmpfs", mount_entry_path(m), "tmpfs", m->flags, mount_entry_options(m)) < 0) - return log_debug_errno(errno, "Failed to mount %s: %m", mount_entry_path(m)); + if (mount("tmpfs", entry_path, "tmpfs", m->flags, mount_entry_options(m)) < 0) + return log_debug_errno(errno, "Failed to mount %s: %m", entry_path); + + r = label_fix_container(entry_path, source_path, 0); + if (r < 0) + return log_error_errno(r, "Failed to fix label of '%s' as '%s': %m", entry_path, source_path); return 1; }