picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

mount-setup: change the system mount propagation to shared by default only at bootup 

The commit b3ac5f8cb9 has changed the system mount propagation to
shared by default, and according to the following patch:
https://github.com/opencontainers/runc/pull/208
When starting the container, the pouch daemon will call runc to execute
make-private.

However, if the systemctl daemon-reexec is executed after the container
has been started, the system mount propagation will be changed to share
again by default, and the make-private operation above will have no chance
to execute.
This commit is contained in:
Wen Yang 2020-03-23 10:42:46 +08:00 committed by Lennart Poettering
parent ca03142040
commit f74349d88b
3 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/core/main.c
View File

@ -2581,7 +2581,7 @@ int main(int argc, char *argv[]) {
if (!skip_setup)
kmod_setup();
r = mount_setup(loaded_policy);
r = mount_setup(loaded_policy, skip_setup);
if (r < 0) {
error_message = "Failed to mount API filesystems";
goto finish;

4
src/core/mount-setup.c
View File

@ -478,7 +478,7 @@ static int relabel_extra(void) {
}
#endif
int mount_setup(bool loaded_policy) {
int mount_setup(bool loaded_policy, bool leave_propagation) {
int r = 0;
r = mount_points_setup(ELEMENTSOF(mount_table), loaded_policy);
@ -524,7 +524,7 @@ int mount_setup(bool loaded_policy) {
* needed. Note that we set this only when we are invoked directly by the kernel. If we are invoked by a
* container manager we assume the container manager knows what it is doing (for example, because it set up
* some directories with different propagation modes). */
if (detect_container() <= 0)
if (detect_container() <= 0 && !leave_propagation)
if (mount(NULL, "/", NULL, MS_REC|MS_SHARED, NULL) < 0)
log_warning_errno(errno, "Failed to set up the root directory for shared mount propagation: %m");

2
src/core/mount-setup.h
View File

@ -4,7 +4,7 @@
#include <stdbool.h>
int mount_setup_early(void);
int mount_setup(bool loaded_policy);
int mount_setup(bool loaded_policy, bool leave_propagation);
int mount_cgroup_controllers(void);