process-util: add new FORK_NEW_MOUNTNS flag to safe_fork()

That way we can move one more code location to use safe_fork()
2017-12-29 18:52:20 +01:00 · 2017-12-29 18:52:20 +01:00 · be39f6ee31
parent 3f60395254
commit be39f6ee31
3 changed files with 8 additions and 12 deletions
--- a/src/basic/process-util.c
+++ b/src/basic/process-util.c
@ -1199,7 +1199,10 @@ int safe_fork_full(
                if (sigprocmask(SIG_SETMASK, &ss, &saved_ss) < 0)
                        return log_full_errno(prio, errno, "Failed to set signal mask: %m");

-        pid = fork();
+        if (flags & FORK_NEW_MOUNTNS)
+                pid = raw_clone(SIGCHLD|CLONE_NEWNS);
+        else
+                pid = fork();
        if (pid < 0) {
                r = -errno;

--- a/src/basic/process-util.h
+++ b/src/basic/process-util.h
@ -168,6 +168,7 @@ typedef enum ForkFlags {
        FORK_REOPEN_LOG    = 1U << 4,
        FORK_LOG           = 1U << 5,
        FORK_WAIT          = 1U << 6,
+        FORK_NEW_MOUNTNS   = 1U << 7,
 } ForkFlags;

 int safe_fork_full(const char *name, const int except_fds[], size_t n_except_fds, ForkFlags flags, pid_t *ret_pid);
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@ -1259,18 +1259,10 @@ int dissected_image_acquire_metadata(DissectedImage *m) {
        if (r < 0)
                goto finish;

-        child = raw_clone(SIGCHLD|CLONE_NEWNS);
-        if (child < 0) {
-                r = -errno;
+        r = safe_fork("(sd-dissect)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_NEW_MOUNTNS, &child);
+        if (r < 0)
                goto finish;
-        }
-
-        if (child == 0) {
-
-                (void) reset_all_signal_handlers();
-                (void) reset_signal_mask();
-                assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0);
-
+        if (r == 0) {
                /* Make sure we never propagate to the host */
                if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL) < 0)
                        _exit(EXIT_FAILURE);